In an everyday context, there isn’t much difference in the value or definition of “information” versus “intelligence.” But in the military, data and information are gathered, evaluated and analyzed to produce intelligence that can be acted on. And, according to the Center for Internet Security (CIS), threat intelligence is what threat information becomes “once it has been collected, evaluated in the context of its source and reliability, and analyzed through rigorous and structured tradecraft techniques by those with substantive expertise and access to all-source information.”
There are numerous open-source options for acquiring threat information, often labeled as intelligence but likely missing guidance or insight from experts and analysts. An online search can quickly provide a robust list of sites offering massive amounts of threat data and information. And while this ready access offers value, the sheer amount of information available can be part of the challenge for many organizations using these feeds.
Those organizations that understand that threat intelligence plays an important role in security operations practices often explore both open-source and paid threat intelligence sources, such as FireEye’s Mandiant Threat Intelligence. Paid sources often also access open-source and private feeds, de-duping and validating the information before providing it to their users. Choosing which source offers your organization the greatest benefit is likely a decision specific to your unique risks, available resources, and business needs.
When evaluating resources, consider these three benefits of paid threat intelligence that can help deliver better security and business outcomes for your organization:
Many open-source threat intelligence platforms gather data by reviewing attacks on member organizations. Each attack undergoes root cause analysis to identify the source of the initial incursion, as well as the malicious payload. Once that data has been gathered, it is uploaded to the platform. By the time each incident has been investigated, and the payload identified, it may be too late for your organization to take advantage of that information in a proactive, preventive manner. The right paid threat intelligence solution can provide you with forward-looking analysis from experts and veteran hunters so you can be prepared for what’s coming, and have insight into what attackers might try next.
Accuracy is one of the most important aspects of effective operation within a security operations organization. Incomplete and/or inaccurate data can lead to mistakes in enforcement and threat hunting. Relying on open-source information can introduce mistakes into your security operations workflows. With review by expert analysts, the threat intelligence from a paid solution cuts through the noise to deliver accurate information from reliable sources.
Intelligence data also needs to be useful in a meaningful way. The ability to natively integrate it into your security information and event management (SIEM), your security orchestration, automation and response (SOAR), or other security technologies is vital. The intelligence provided also needs to be relevant to your organization, industry and geographical region so that you can prioritize investigation and response actions across your high-value assets and targets using the correct lens.
Evaluating your organization’s need for timely, accurate and actionable threat intelligence should drive your decision whether to use open-source solutions or to invest in a threat intelligence solution. The right solution implemented with an experienced security technology integrator can help you reduce risk across your organization. The experts of Sirius’ Security practice can help you improve your threat detection and prevention outcomes, and help you develop a better security posture utilizing the right threat intelligence solution for your unique needs. Contact our Security team today.