{"id":35113,"date":"2020-04-27T03:42:28","date_gmt":"2020-04-27T07:42:28","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=35113"},"modified":"2022-08-04T10:18:33","modified_gmt":"2022-08-04T14:18:33","slug":"what-is-threat-intelligence","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/what-is-threat-intelligence\/35113\/","title":{"rendered":"Give your threat intelligence an intelligence test"},"content":{"rendered":"<p>The saying \u201cask and you shall receive\u201d seems to need a footnote or two these days. Make sure the <u><a href=\"https:\/\/static.boredpanda.com\/blog\/wp-content\/uploads\/2016\/06\/funny-online-shopping-fails-5-576cf29c050c5__700.jpg\">furnishings you\u2019re ordering aren\u2019t meant for a doll\u2019s house<\/a><\/u>. Remember that romantic poem, <u><a href=\"https:\/\/static.boredpanda.com\/blog\/wp-content\/uploads\/2016\/06\/funny-online-shopping-fails-7-576cf621a7714__700.jpg\">roses are red; spring onions are green<\/a><\/u>? And quite who would be the happy recipient of this <u><a href=\"https:\/\/static.boredpanda.com\/blog\/wp-content\/uploads\/2016\/06\/funny-online-shopping-fails-33-576d1fcc178c6__700.jpg\">\u2018magical\u2019 Christmas mug<\/a><\/u>, we\u2019ll never know.<\/p>\n<p>Threat intelligence can also be a case of \u2018wrong item delivered.\u2019 There are many products out there described as threat intelligence that aren\u2019t. And customers might not realize they\u2019re not getting what they asked for. So how do you give your threat intelligence an intelligence test?<\/p>\n<h2>Threat intelligence is data analyzed<\/h2>\n<p>Threat intelligence identifies and analyzes cyber threats aimed at your business. 
The keyword is \u2018analyze.\u2019 It means to sift through piles of data, spot real problems by looking at context and put in place a solution specific to the problem.<\/p>\n<p>It\u2019s most often confused with \u201cthreat data.\u201d Threat data is a list of possible threats, without analysis of context or tailored solutions.<\/p>\n<h2>Threat intelligence should captivate your security team<\/h2>\n<p>Once upon a time, there were IP and URL blacklists. Early security products would just refer to these blacklists to warn of a dangerous IP or URL. Over time, the amount of threat data grew exponentially. It became difficult to define what was a real threat and what wasn\u2019t. Security software wasn\u2019t designed to process so many indicators of compromise, like malicious file hash sums, domains or botnet server addresses.<\/p>\n<p>Some products marketed as threat intelligence include threat feeds and indicators of compromise, but without context \u2013 they\u2019re just vast amounts of raw data.<\/p>\n<p>This is a problem. Giving security operations such \u2018intelligence\u2019 will cause too many false security alerts. Alert fatigue has a serious impact on the overall security of your company. <a href=\"https:\/\/ebooks.cisco.com\/story\/2020-ciso-benchmark\/page\/4\/13\" target=\"_blank\" rel=\"noopener nofollow\">Research found<\/a> 52 percent of security alerts are not investigated.<\/p>\n<blockquote><p>Reams of unprocessed, unstructured raw data shouldn\u2019t even be called \u2018useful,\u2019 let alone \u2018intelligence.\u2019<\/p>\n<\/blockquote>\n<p>And data, however relevant, is useless unless it has context and can be acted upon. With true threat intelligence, an InfoSec team can stop a breach early and protect a network, or realize they\u2019re just seeing everyday malware that doesn\u2019t pose a serious threat.<\/p>\n<h2>Threat intelligence should tell your future<\/h2>\n<p>Identifying yesterday\u2019s threat is history. 
Threat intelligence now focuses on the quality of data sources. It\u2019s not enough for data to bring insights without giving guidelines for decisions and actions. And when its quality is limited by lack of sources \u2013 such as not seeing into the <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/dark-web-monitoring\/29084\/\" target=\"_blank\" rel=\"noopener nofollow\">darknet<\/a>, or lack of global, multilingual reach \u2013 it can\u2019t be processed into effective threat intelligence. Intelligence must be able to predict how your business should prepare for and combat future threats.<\/p>\n<h2>Threat intelligence should adapt to your organization<\/h2>\n<p>A threat intelligence solution must be able to adapt to an organization\u2019s security needs. It must guide the organization to set up internal data collection points around critical assets. It then matches that data with external threat intelligence to identify threats.<\/p>\n<p>Without this targeted approach, it won\u2019t succeed in prioritizing the information needed to defend key assets. As Helen Patton, Chief Information Security Officer (CISO) at Ohio State University, said in a 2019 Forbes article, \u201c<u><a href=\"https:\/\/www.forbes.com\/sites\/brysonbort\/2019\/07\/25\/cyber-threat-intelligence-not-for-the-faint-of-heart\/\" target=\"_blank\" rel=\"noopener nofollow\">Threats are only a threat in the context of the risk to the business itself<\/a><\/u>.\u201d<\/p>\n<h2>Threat intelligence can be acted on<\/h2>\n<p>Threat intelligence is something you can act on. It must integrate multiple sources of information into an organization\u2019s security operations, through a single point of entry.<\/p>\n<p>To be effective, the organization must be able to use both machine-readable and human-readable threat intelligence. 
Its delivery methods and formats must allow it to be smoothly integrated into existing security workflows.<\/p>\n<blockquote><p>Is it threat intelligence, or just threat data? Here\u2019s the test: It must be able to be processed, integrated and converted into information you can immediately act upon.<\/p>\n<\/blockquote>\n<p>It must give unique insights into emerging threats, so security teams can prioritize alerts, maximize resources and accelerate decision-making. Does your organization\u2019s threat intelligence pass? If not, it\u2019s time to get what you were promised.<\/p>\n<p><em>This article was published in April, 2020.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What\u2019s marketed as threat intelligence isn\u2019t always true to the label. Here\u2019s how to know if what you\u2019re getting is up to the task of protecting your business.<\/p>\n","protected":false},"author":2572,"featured_media":43797,"template":"","coauthors":[3777],"class_list":{"0":"post-35113","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-threat-intelligence","7":"emagazine-category-threat-intelligence-2020","8":"emagazine-tag-data-security","9":"emagazine-tag-malware","10":"emagazine-tag-security-operations"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/what-is-threat-intelligence\/35113\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/35113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2572"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/43797"}],"wp:attachment":[{"href":"https:\
/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=35113"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=35113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}