IntSights' Blog

Upgrade Your Threat Intelligence Program Part 2: Focus on Action, Not Searching

by Nathan Teplow / September 18, 2018

We continue our blog series on how to upgrade your threat intelligence program with Part 2: focus on action, not searching. There is a lot of threat data and threat intelligence that you can consume. You might think that it's better to have access to as much information as possible, but this isn't always the case. It's important that your team is focused on taking security action, not searching for where to act. Therefore, you need tools in place that help your team prioritize and remediate threats so that you can stay proactive in your defense.

Here is how organizations can focus on action, not searching for where to act.

Taking Security Action vs. Searching

To focus on security action, you need to have a solution that helps your team identify where the real issues are and where they should spend their time. There are a lot of solutions out there that do a very good job of bringing data together and providing an interface that allows you to search the data.

However, time is a critical resource when it comes to mitigating cyber threats. Threat intelligence and incident response teams don't have time to write queries and carve information out of big data warehouses. Your threat intelligence solution should be doing this analysis and providing relevant threat intel that's tailored to your organization. This will make your team much more efficient, allowing them to focus on real threats rather than filtering through data.

In part 1 of this blog series, we shared how your digital footprint can be used for context and relevancy. By doing this, you can significantly reduce the amount of "threat intelligence noise" and focus on intelligence that specifically relates to your organization.

It's important that your team isn't spending time filtering through false positives and writing data queries all day. Your solution should compare your digital footprint to your threat data, and provide your team with specific and actionable alerts. Finding ways to make your team operate more efficiently will reduce the time to mitigate, which can be the difference between stopping an attack and getting breached.

Make sure you read Part 1 of our blog series, and stay tuned for Part 3 coming next week.


Tags: Threat Intelligence Threat Intel Cybersecurity Cyber Intelligence

Nathan Teplow

Nathan is a Senior Product Marketing Manager at IntSights, responsible for the company's positioning, messaging and content strategy. He has worked in IT and cybersecurity marketing for over 5 years, holding a number of different roles across product marketing, marketing programs and content marketing. In his free time, he enjoys staying active, being outdoors and following any and all Boston sports teams.