Access a world-class intelligence capability tailored to your specific needs. Control a multi-million dollar program without the time or expense and solve problems both lasting and acute.

What is Managed Intelligence?


Landon Winkelvoss

Recent Posts

3 min read

How to Successfully Implement a Threat Intelligence Program

By Landon Winkelvoss on Nov 23, 2020 5:21:55 PM

Threats continue to occur on a global scale. They are large, they are complex, and they are growing. This problem has led to widespread interest in tailoring intelligence programs that provide insight into business problems and generate actionable outcomes.

For intelligence to drive a security program, organizations need 1) a vehicle to drive, 2) a direction to go, 3) a dedicated driver, and 4) an understanding of the terrain as well as the ability to look back, pivot and maneuver when obstacles are encountered.

The Vehicle: Defensive Security

Optimizing threat intelligence requires a defensive security team with the ability to recognize and respond to incidents, identify and patch vulnerabilities, and track and resolve risk.

Programs do not have to launch in a fully-matured state, because threat intelligence and the environment can be used to guide program development, facilitate continuous improvement, and achieve increasingly higher levels of maturity.

However, even from the beginning, it is critical to the development of a threat intelligence program that if and when an organization identifies a threat, they are able to mitigate or resolve the threat.

The Direction: Priority Intelligence Requirements

Initially identifying the direction a threat intelligence program will travel can be as simple as highlighting an organization’s key threats.

Priority Intelligence Requirements (PIR) assist in addressing key threats by providing a series of questions the threat intelligence team must answer.

No single program is suitable for all organizations. Different organizations will have different priorities. For example, if an organization has significant research and development or high value intellectual property, the first PIR may be to identify:

  • Who is interested in our data and what are their tactics, techniques and procedures?

However, if an organization is inundated with phishing emails related to wire fraud and their position in a supply chain, the first PIR may be to outline:

  • What are the key techniques utilized for wire fraud and supply chain takeover and the proactive steps required to reduce or mitigate the threat?

The Dedicated Driver: Full-Time Resource and Collaboration

A common mistake when developing a threat intelligence program is the failure to provide adequate resources and staffing. In many cases, organizations will assign a person the role in addition to other existing duties. Organizations often balk at hiring a full-time, experienced, threat intelligence analyst. This approach is likely to fail. Without dedicated focus, a part-time analyst will be pulled in too many directions to be able to accurately and effectively perform all of the necessary functions and establish a successful intelligence program.

This individual may lean on solutions like intelligence feeds that are noisy and lack context, preventing the development of actionable intelligence. Without actionable intelligence, it is difficult to justify a threat intelligence program.

Threat intelligence programs require a lot of diplomacy and collaboration. An experienced and successful threat intelligence analyst will be able to effectively communicate with an organization’s c-suite as well as technical and non-technical peers. Experienced analysts have the skills to provide consistently actionable intelligence. Just as importantly, they have the ability to communicate the reason, the process, and the desired outcomes to stakeholders across the organization.

The Terrain: Choosing the Right Supplemental Intelligence

Supplemental intelligence resources fill in gaps that a Threat Intelligence Program is not able to provide on it’s own.

For organizations beginning the process with one analyst, this may be a platform that assists in the collection of data, a targeted intelligence feed, or assistance from a managed intelligence services provider.

Of critical importance is an organization’s understanding of the unique terrain their company will traverse. This allows them to reinforce their intelligence program and prepare for incoming threats. For example, engaging with a threat intelligence company specializing in Advanced Persistent Threats and nation state actors may not be the right choice for a retail manufacturer, but it is imperative for critical infrastructure. Likewise, a medical facility without a clear understanding of ransomware and how to protect against the latest variants is missing knowledge that could allow them to prevent or mitigate attacks.

Based on the unique characteristics of each organization, it is important to reinforce any Threat Intelligence Program with supplemental intelligence and investigative expertise that maps directly to the threats they will likely encounter.

The Obstacles

Regardless of whether an organization is facing cyber-crime, nation state espionage, physical security threats, aggressive online hostiles, or threats targeting their supply chain, it’s critical to have investigative support that helps provide proper context.

The “how”, “why”, and potentially the “who” that inform actionable outcomes determine if a threat or vulnerability requires remediation.

Many threat intelligence providers can provide an early warning, but the investigative follow-through is where the value lies. The ability to rapidly confirm or deny whether a breach is in process can be the difference between success and failure.


Topics: Cybersecurity
Continue Reading
3 min read

An Introduction to Honeypots

By Landon Winkelvoss on Oct 4, 2020 7:23:24 PM

In our latest blog series, we discuss how threat intelligence can be applied smarter for medium sized organizations with limited resources. We discuss ways to proactively detect threats beyond subscribing to information feeds that require a lot of resources to aggregate and ingest into SIEMs.

Continue Reading
2 min read

Making Threat Intelligence Useful for Medium-Sized Enterprises

By Landon Winkelvoss on Sep 28, 2020 9:55:15 AM

Medium-sized enterprises that don’t have sophisticated security operations teams typically focus on the basic blocking and tackling of information security: policies around financial controls, incident response plans, data retention policies, disaster recovery around user access, lifecycle management policies.

Continue Reading
2 min read

Six Considerations for Building a Cyber Threat Intelligence Program

By Landon Winkelvoss on Sep 21, 2020 9:37:01 AM

When evaluating cyber threat intelligence programs for enterprise, organizations should consider six critical topics before spending on data.

Continue Reading
2 min read

Three Steps to Use Threat Intelligence, Red Team, and Blue Team Collaboration to Improve Security

By Landon Winkelvoss on Sep 15, 2020 9:46:51 AM

For many medium and large organizations, a penetration test that results in a “data breach” is going to lead to numerous findings that take months and sometimes years to remediate.

Continue Reading
1 min read

Avoiding Ransomware

By Landon Winkelvoss on Sep 8, 2020 8:24:24 AM

Many maturing security operations centers within medium and large enterprises will indicate that ransomware is often the biggest “threat” that keeps them up at night.

Continue Reading
1 min read

Podcast Platitudes

By Landon Winkelvoss on Sep 2, 2020 11:56:49 AM

Cybersecurity is an ever-evolving industry tackling some really challenging problems. Here at Nisos we truly feel that it is necessary to learn from the best at every opportunity, and we try to ensure that all of the material we present makes its consumers better at their jobs the day they consume it.

Continue Reading
2 min read

Four Future Trends of Disinformation Campaigns

By Landon Winkelvoss on Aug 31, 2020 11:42:52 AM

While disinformation has played a powerful role in the geopolitical world over the last four years, enterprise is increasingly needing to be prepared to address numerous types of disinformation as well.

Continue Reading
2 min read

Three Ways to Improve Return on Investment for Threat Intelligence

By Landon Winkelvoss on Aug 26, 2020 9:48:57 AM

If a corporate threat intelligence program is merely focusing on indicators of compromise delivered to a security operations function, they should consider expanding their reach throughout the organization. Mature and maturing security programs spend significant time gathering feedback throughout the enterprise to do what’s good for the business.

Continue Reading
1 min read

Steps for Medium Sized Businesses to Address Cyber Supply Chain Risk

By Landon Winkelvoss on Aug 17, 2020 7:24:47 AM

Any business operating on the internet with internet accessible services provides an opening for anyone else on the internet - good, bad, or indifferent - to interrogate those services and see what’s running. 

Continue Reading
2 min read

Translating Cyber Threat Intelligence for the Rest of the Business

By Landon Winkelvoss on Aug 10, 2020 10:16:53 AM

For enterprise businesses, especially in the technology, finance, and manufacturing sectors, the use cases and company consumers of intelligence work can be almost limitless. Therefore, it’s critical for a threat intelligence team to be transparent throughout the enterprise and openly promote the capabilities it can bring. 

Continue Reading
2 min read

Using Threat Intelligence to Counter Platform Abuse

By Landon Winkelvoss on Aug 3, 2020 5:17:07 AM

Companies whose products serve as collaboration platforms play a key role in our increasingly cloud native and remote work environment. The technology allows companies to achieve clear business opportunities, but also cause unique security challenges. Not only must they protect their corporate and development systems like all enterprises (endpoints, network infrastructure, container and VM security, etc), they also need to protect customers' data on their platforms.

Continue Reading