Access a world-class intelligence capability tailored to your specific needs. Control a multi-million dollar program without the time or expense and solve problems both lasting and acute.

What is Managed Intelligence?

Technical Blogs

3 min read

Establishing a System to Collect, Enrich, and Analyze Data to Generate Actionable Intelligence

Jul 15, 2020 11:53:58 AM

In the era of data-driven decision making, the value of threat intelligence and interest in establishing or expanding threat intelligence programs is growing rapidly. However, the growing availability and access to data is outpacing the ability of these threat intelligence programs to leverage and operationalize it.

According to a recent Gartner report, “the value of (threat intelligence) services is sometimes constrained by the customer’s ability to afford, absorb, contextualize, and, especially, use the information provided by the services.” 1

In the meantime, the expected outcomes derived from intelligence in the private sector have started to skyrocket beyond traditional cyber security use cases. 

End users span the breadth of the enterprise, from the CISO and CIO to Risk, Legal, Fraud and Loss Prevention, Product, HR, Public and Investor Relations, Corporate Development, and more. 

Some applications we have seen are:

With so many potential stakeholders across an enterprise, threat intelligence teams must operate with agility and efficiency. It is critical that they deeply understand the collection, context and analysis processes to curate customized intelligence generating specific actionable insights for a broad set of consumers. 

This effort requires significant focus -  threat intelligence teams need to ensure they manage information overload and onboard only those information/data feeds they can and will actually use.

Once a threat intelligence program has identified the problems they seek to address and the categories of questions they need to answer, they can then tailor efforts to collect, enrich, and analyze the right datasets to enable action against their diverse problem set.

Organizations looking to build an in-house program also need to develop a system and tools to develop efficiencies through automation and present data to analysts in an intuitive way. This facilitates tailored monitoring and analysis, supporting the mission of providing intelligence faster and with more accuracy. 

Here are three key pillars we have observed that enable analysis to produce actionable outcomes:

  1. Collection
    Review and understand available data sources, selecting necessary streams of data based on curation of what is available and the needs of the enterprise.

    - Leverage commercial subscription sources containing rich network and external telemetrydata, relevant to your enterprise with coverage and insight into the threats that matter
    - Develop relationships with data brokers to acquire elusive data breach collections and other discrete data sources
    - Automate collection of relevant open source data sets
  2. Retention and Modeling
    Collect, transform, and store data in raw and unified formats.

    - Data stored on cost-effective, scalable infrastructure
    - Unified model of disparate data sets for flexible transformation and efficient correlation
  3. Visualization and Enrichment
    Present data in efficient dashboards and enrich with technical and analytical expertise.

    - Make complex data sources digestible  to all analysts in an intuitive manner
    - Combine input from technical experts and big-picture analysts to enrich data

Taking Action

Action is the essence of any intelligence function. While intelligence is not the “action arm” of any organization, its goal is to provide unique and tailored information to stakeholders that allow them to make timely and informed business decisions.

This can be as tactical as working with engineers to make architectural changes to an application or as strategic as identifying a breach prior to an upcoming acquisition. 

The entire mission of the intelligence function is to ensure stakeholders are armed with information to make good decisions. For security stakeholders, a primary objective is to ensure security incidents do not develop into existential threats to the business. An intelligence program that operates with an efficient system to collect, enrich and analyze data  is a powerful tool to help security leaders achieve that objective.


1. Market Guide for Security Threat Intelligence Products and Services, 20 May 2020

Written by Adam Gayde

Post a Comment