Gartner Blog Network


Threat Intelligence and Operational Agility

by Anton Chuvakin  |  August 13, 2015  |  3 Comments

I sometimes say that “threat intel doesn’t help people who don’t help themselves.” Ti-agility Here is one particular example: if you buy the best threat intelligence possible – mixed strategic and tactical, with full actor information, detailed indicators, and with revelations about future attacks targeted to your organization, can you really benefit from it? Those who procure such intel from the likes of “eyeVision”, “eyeProtection” and “ThrongHit” :-) – real intel, not just indicator lists – need to be able to act on the results and sometimes such ability to act is just operationally infeasible for a less mature organization.

For example, at my Threat Intel roundtable at Gartner Catalyst 2015, the conversation turned to this subject: “if you hear 3 days in advance that you will be hit with a colossal DDoS attack of a particular type, will it help you?” Some people answered “yes” and pointed at specific things they can do in the time they have; others said “sort of” – they would still take heavy damage, but may be able to reduce panic and avoid some mistakes in responding (after all, “unpleasant surprise” is usually worse than just “some unpleasantness”). A few said that they will be able to do a few things only… and if such “3 day attack warning” costs them $100K, they won’t sign for it.

The situation is even ‘worse’ with targeted attacks. If you hear that “Bearlike Mammal of Death” group will try to steal your critical data using lethal APT tactics, knowing this is unlikely to help if you don’t have the defenses, tools, people and effective processes already in place. You can target your defenses much better with such valuable intel, but it won’t save you on its own….

In other words, remember that intel alone does NOT win wars. The actual warfighters (= skilled security professionals) with weapons (=security tools) as well as threat intel do. Telling armed peasants and spearmen that a ballistic missile is coming does not help – even if you know the exact model and who launched it…

Blog posts related to threat intelligence:

Category: security  threat-intelligence  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on Threat Intelligence and Operational Agility


  1. […] Anton Chuvakin I sometimes say that “threat intel doesn’t help people who don’t help themselves.” […]

  2. That’s why we all need to evolve from PPP (Product, People, Process) to TIPP – Technology, Intelligence, People, Process.



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.