Three Ways to Improve Return on Investment for Threat Intelligence

by | Aug 26, 2020 | Blog, TPRM Exposure

If a corporate threat intelligence program is merely focusing on indicators of compromise delivered to a security operations function, they should consider expanding their reach throughout the organization. Mature and maturing security programs spend significant time gathering feedback throughout the enterprise to do what’s good for the business.

Below are some tips to focus an intelligence and research program beyond just the security operations center and towards the business as a whole, thus providing a higher return on investment for threat intelligence.

Increase Transparency of Intelligence Capabilities

Some security programs are shrouded in secrecy. Corporate security programs should generally attempt to steer clear of this mentality as many tips and leads come from the employee base that want to help.

This happens when the security team is transparent about their access, capabilities, and nature of the investigations they conduct to protect the business and its assets.

Gather the Proper Feedback Across the Enterprise

Security should enable the business, and numbers typically do not tell a business story. For example, the number of indicators of compromise that are fed into a security tool to produce alerts is not a useful story for business leaders.

Feedback needs to be in a consistent loop with business units. If daily or weekly threat briefs are disseminated to a large portion of the business, qualitative metrics or priority intelligence requirements and feedback on reporting should be measured rather than a number of reports generated. Focus groups and surveys with stakeholders should be the norm.

Produce an Intelligence Service Catalogue to Promote Throughout the Business

The entire business should understand the capabilities and service catalogue. The intelligence team(s) should be at the centerpiece of bridging threat and risk between business units that might not be aware of not only what threats exist, but also different intelligence and research capabilities that might exist in different parts of the company.

Some examples might be:

  • Merger and acquisition diligence
  • Insider threat investigations for the legal team
  • Third party risk management and supply chain assessments
  • Investigations and intelligence sharing with the Physical Security team
  • Country risk assessments for the Corporate Development team
  • Intelligence support to inform secure DevOps for the Development team
  • Brand and reputation intelligence for the Marketing team

Check out more on this topic from  industry and Nisos experts during a recent videocast on measuring return on investment for threat intelligence: 

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights℠ Retainer
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks