I recently hosted a panel with leading CISOs from around the world. We delved into how “Leveraging Actionable Intelligence to Mitigate Risk Within Your Enterprise” can be approached from a set of common points and differences. We opened with an overview of ideas that led to each panelist posing their own comments and questions with initial answers. The comments and questions below recap our discussion flow, and provide a current base for understanding the breadth and context of mitigating cybersecurity risks.
Panel Opening Comments
- Security threats are increasing both in frequency and complexity
- Security leaders need to be proactive in this area and put programs in place (people, process, and technology) to protect critical assets
- We have assembled a panel of experts in this area and our goal is to provide recommendations that you can immediately use when you return to your office
Initial panelist comments
As predictive analytics matures, we may see significant improvement in the value of threat intelligence data.
- If you’re spending money on Threat Intelligence, you must have first solved a lot of common problems, such as patch management.
- Be realistic about what you expect to get from Threat Intelligence. Are you looking for Indicators of Compromise? Attribution? Predicting the next attack? Understand the limitations of the various types of Threat Intelligence data.
Second panelist comments
- How does the actionable intelligence change as you move “up the stack” or away from the stack (to human)?
- How is the IoT changing the “actionable” part of actionable intelligence?
Leveraging actionable intelligence is the process of gathering analytics based on the identification and collection of relevant threat information. Unfortunately, threat intelligence is an elusive concept for many companies. By 2020 there will be 50 billion connected devices. There are not enough cyber specialists now to handle current security issues, so businesses need to leverage actionable intelligence and analytics to protect themselves.
- Should threat intelligence be managed internally by companies?
- When threat intelligence is accumulated, what is the important information for the C-suite?
- What are the company’s concerns regarding their employees in leveraging actionable intelligence?
- How does actionable intelligence apply to regulatory compliance?
How do we deal with the increasing scale and frequency of attacks, and threat actors that far outstrip our budgets and resources? Traditional information security methods within the enterprise are not a match for any of the above seven events.
Threat intelligence provides a possible way to get ahead of these threat actors and threats — to have intelligence on the threats. But threat intelligence is a new data source, another fire hose of information that requires analysis, and it has a different nature from traditional tools. We'll only get value out of threat intelligence if we properly analyze it and make it actionable.