Page 80 - Cyber Defense eMagazine October 2023
6 Signs It’s Time to Reimagine Threat Intelligence
Today’s standard approach to threat intelligence may provide you with a lot of information, yet you may
feel that your ability to proactively protect against threats is still lacking. Here are some of the ways in
which today’s approach to threat intelligence is leaving you vulnerable and resource constrained.
Data Overload: Today, threat hunters have access to data about numerous threats around the world.
But is all that data necessary? These large, uncurated data sets make threat detection and response
difficult due to the sheer volume of entries that must be sifted through to find what’s actually actionable.
Outdated Data: A quick reaction time is of the essence if threat hunters want to protect their
environments. But intelligence can be delayed due to processing and delivery through a tool, and 94%
of organizations today rely on reports, which often convey outdated intelligence. This deprives
organizations of the ability to respond to threats in real time, leaving you vulnerable to evolving threats
or responding only after an attack has already happened.
Irrelevant Threats: In addition to the volume of threats, threat hunting teams are inundated with data
that isn't relevant, like threat actors working in other parts of the world or targeting other industries.
Security teams must sift through large data sets to find threats that are truly applicable to their
organization — not an organization around the world.
Resource Constraints: Sifting through these data sets doesn't just consume the time and energy of
your security team members. Running large, uncurated data sets through your security tools will impact
their performance and slow down threat response. Continuously upgrading your tools to accommodate
growing amounts of data can incur additional operational costs as well.
False Positives: Another challenging side effect of ingesting these large, uncurated data sets is the
false positives they are likely to return, due to outdated or irrelevant data. Addressing each false positive,
which can take an average of 32 minutes to investigate, takes valuable time away from threat hunting
or other security tasks, delaying the protection needed.
Supply Chain Risk: Trying to manage those uncurated data sets doesn't just mean that you're missing
threats to your organization. It also means that you're not tracking threats to your vendors or third-party
providers in your supply chain, either, which, considering that the number of attacks on supply chains has
increased 742% over the past three years, can also place you in danger.
Evolve Your Threat Hunting to Threat Reconnaissance
Ultimately, a bloated threat intelligence feed doesn't lead to better security. You may have information on
every threat actor out there at your fingertips, yet still be unable to protect your organization because you
didn't have actionable, contextually relevant intelligence from streamlined feeds.
This is why security teams who want to move from a reactive to a proactive stance should look for tools
that provide intelligence that is applicable to you and your organization. Better intelligence can enhance
your visibility into threat actor behavior, and getting that intelligence in real time allows you to act on it quickly,