For enterprise businesses, especially in the technology, finance, and manufacturing sectors, the use cases and company consumers of intelligence work can be almost limitless. Therefore, it’s critical for a threat intelligence team to be transparent throughout the enterprise and openly promote the capabilities it can bring.
While incident response, vulnerability management, internal threat hunting, and red teams are typical threat intelligence customers, many large companies see risk at a global scale across the business. As a result, it’s critical to leverage a lot of the data and skillsets of a threat intelligence team to go beyond cyber actors.
Many employees within a large enterprise may not be familiar with processes, capabilities, or contribute to intelligence work. Therefore, it’s important for intelligence teams to work outside of the SOC and liaise with all business functions to promote the benefits of intelligence.
For instance, if a technology company has a product or platform that is used for fraudulent purposes, the threat intelligence team can collect data on specific threat actors via external threat hunting to support the network Security Operations Center (SOC) to prevent the attackers from breaching the network. With the proper automation and data sharing in place, the Trust and Safety or Fraud teams can use the same data to prevent misuse of the product and the product and engineering teams can secure their code against any TTPs identified as associated with the actors.
Check out how Mike Rennie of LogMeIn recommends using threat intelligence data to help application security, fraud, legal, social media, marketing, and acquisition teams across an enterprise below.