Services

Access a world-class intelligence capability tailored to your specific needs. Control a multi-million dollar program without the time or expense and solve problems both lasting and acute.

What is Managed Intelligence?

Blog

2 min read

Six Considerations for Building a Cyber Threat Intelligence Program

Sep 21, 2020 9:37:01 AM

When evaluating cyber threat intelligence programs for enterprise, organizations should consider six critical topics before spending on data.

It’s natural for an organization to start from one of two places: where they have already been beaten badly enough they need to prioritize threat intelligence (the story-telling approach) or to define the threats targeting their organization and thus go for a more data-driven approach. 

Regardless, it’s important to take methodologies from both sides before thinking about large-scale investments in broader intelligence feeds that can just overwhelm with noise.

Prioritizing The Spend in Threat Intelligence

Threat intelligence feeds and many tools can create opportunity cost and pain if not integrated or thought through in an intelligent manner. Organizations also need to make decisions between building internally, buying externally, or some combination of both. 

Considerations include:

Drilling down further, many organizations start with ransomware because it is pervasive across all enterprises and is used by the full spectrum of threat actors from nation states to unsophisticated criminals. 

To address this threat, a security team may have to:

  • Consider writing IPS rules to protect the network
  • Reduce risk to IOT devices or protocols like RDP and how they access the network
  • Review proximate threats in the email gateway and determine if it’s being delivered directly in a file or a URL or is a proximate threat delivered through a botnet that will need to be blocked at the firewall (Trickbot and Ryuk). 
  • Develop and review redundancy backups 
  • Ensure firewalls between interconnect environments and policies on the endpoint with EDR technology are covered

Check out threat researcher Jamie Kane’s analysis on this topic below.






Written by Landon Winkelvoss

Post a Comment

Featured