CSOs naturally get excited whenever something new pops up on the cybersecurity horizon, especially when it has the potential to reduce the prevalence and severity of cyber attacks. So as threat intelligence services started picking up steam, many became eager to jump on the bandwagon.
Before making that decision, however, it is crucial that CSOs first define their current business situation. This includes determining your organization’s most valuable assets — is it your customers’ sensitive information, or trade secrets?
Next, take stock of the current state of your cybersecurity and the goals that you wish to achieve through threat intelligence: do you need to monitor adversaries, get protection from malware and phishing attacks, or both?
Then there’s the crucial question of resources and budgets. Understanding your business and what it requires will help you determine what to focus your attention on and what you can afford.
When those things have been decided, then and only then should you proceed to explore existing services. You begin by asking the right questions. This post explores five of the crucial ones that will guide you in making the right choice.
1. Where is the data coming from?
Threat intelligence (TI) data can be gathered from outside or within your network, from open or closed sources, or from sources in different countries. But regardless of where the data comes from, keep in mind that the more sources a service offers, the better it can cover the full picture of the threat landscape.
Importantly, to make sure that target areas are covered and to avoid wasting resources, the data should be relevant to your current business situation and the threats that you currently face, whether those come from malicious insiders or from outside attackers.
2. How recent is the data?
When TI data is up to date, your organization can respond quickly when under attack, focus on the things that matter, and make better decisions. For this reason, it is important to check how often TI data is refreshed. Is it every two hours? Once a day? Once a week?
The frequency of updates has tremendous implications for the particular application for which the data is being sourced. Cybercriminals will already have made their escape if data arrives late. Malware is easy to upload if the alert takes too long to process. Confidential data will already have been stolen if a phishing attack is not announced soon enough.
3. Are the right feeds included?
Not all organizations face the same threats. In fact, what poses a problem for you may not be one for another organization. It is therefore important to make sure that the TI data feeds you get are relevant to your needs as well as to the threats that you face. It also makes sense to get the data in file formats that you can easily input into your system.
If the data is incompatible with what you require, you’ll get lost in a sea of information rather than being able to anticipate emerging threats. You may also be getting data that is too hard to interpret, making you unable to make timely decisions.
4. Is integration possible?
Integrating TI feeds into your organization’s systems and applications via APIs leads to fast and streamlined access to TI data across departments.
Insights are acted upon faster when everyone is informed. Executives are able to make strategic business and investment decisions when they are privy to relevant analysis. Even ordinary employees benefit through API integration, such as when domain reputation scores are available for them to evaluate the safety of websites without the need to approach threat intelligence specialists for guidance.
5. Are different types of reports available?
Reports that come as part of threat intelligence services offer the big advantage of conveying information faster. Not every report is relevant to everyone, however. Senior executives need high-level insights that will help them assess their organization’s overall cybersecurity situation.
Meanwhile, security awareness specialists in charge of reducing the risk of employees being misled by scammers might be more interested in understanding which types of phishing attacks most commonly hit them.
CSOs can only choose the right threat intelligence services if they understand their businesses well. Once they do, it becomes easy to find the right answers with regard to questions on data sourcing, timeliness, relevance, and ease of integration that best fit their organization’s requirements.