In Part 1 of the CSO Series, LookingGlass Chief Technology Officer, Allan Thomson, introduced the key business and technical requirements of Threat Intelligence (TI) programs. In Part 2, he will examine some important definitions to consider in TI and how to start building the program based on the requirements identified in Part 1 of the series. He will introduce the overall vision of the TI program execution, how to perform a gap analysis on existing security programs, and how to identify where your TI program can complement and enhance existing investments.

This series will describe a comprehensive “business technical approach” to the justification, definition, design, and execution of Threat Intelligence Programs.

What do we mean by ‘business technical approach’ to Threat Intelligence (TI)?

Much of the industry focuses solely on one technical aspect or another of threat intelligence: data about a specific malware family, a set of indicators that can be used to block malicious sites, campaign information that highlights a threat actor’s profile, or a threat actor’s tactics, techniques, and procedures. But much of this technically focused content does not discuss how organizations can gather or construct that information themselves, and, even more so, how an organization would organize itself to respond to such data. Much of the industry’s output provides the fish to organizations rather than teaching them how to fish for themselves.

A ‘business technical approach’ is one focused on the business needs, the organization’s personnel, organizational roles & responsibilities, team structure, and those elements’ interaction with technology, in order to address the challenge of successful threat intelligence operations. Our goal is to help organizations build effective Threat Intelligence programs.

In this series, you will learn:

  • Justification and Impact of Threat Intelligence on Business Functions
  • Hiring, Skills, and Managing TI teams
  • Key roles & functions within TI teams
  • Defining the TI end-to-end process that works in every environment
  • Identifying the tools necessary to support the TI program
  • Ensuring Metrics & Reporting to drive TI program effectiveness and efficiency

We wrap the series with a real-world use case that highlights all of these aspects coming together to deliver a fully automated threat intelligence capability protecting an organization from botnets.