For some, these two words (threat intelligence, or TI) literally drip with the sex appeal of battles at the very frontier of cyberspace, James Bond-like stunts of APTs, and incredibly powerful – and, of course, super-secret! – exploits known only to the select few. For others, TI is a boring list of IP addresses, promised to be “bad” by some unknown party with questionable skill levels, and yet another security function to procure and manage.
My first project of the year will focus on sorting through all this noise in order to answer questions such as these:
- What types of threat intelligence (TI) data are out there?
- What capabilities for threat intelligence should organizations develop?
- How to use threat intelligence data operationally? [a key focus!]
- How to compare threat intelligence data feeds?
- How to integrate threat intelligence data with SIEM, NFT, ETDR and other security tools?
- What is internal threat intelligence and who creates it?
- How to start your threat intelligence capability?
FYI, existing Gartner coverage of threat intelligence:
- Definition: Threat Intelligence
- Technology Overview for Security Threat Intelligence Service Providers
- How to Select a Security Threat Intelligence Service
- Information Sharing as an Industry Imperative to Improve Security
And here is my call to action:
- Vendors, got anything to say about it? Here is a briefing link … you know what to do!
- Enterprises, got a threat intelligence-related story to share? Both WIN stories and FAIL stories will do fine. Hit the comments or email me privately (the Gartner client NDA will cover it, if you are a client).