My threat-related research papers are published on Gartner.com. World, please welcome …
- “How to Collect, Refine, Utilize and Create Threat Intelligence”, and
- “Threat Assessment in the Age of the APT”!
The first paper focuses on threat intelligence usage: “Threat intelligence has emerged as a key security control that helps organizations detect, triage and investigate threats. This assessment compares types of threat intelligence data and outlines common usage patterns.”
Select quotes follow:
- “The time has come to invest resources into understanding and countering specific threats — a threat-centric approach will complement the existing preoccupation with vulnerability- and asset-centric security.”
- “To make use of TI, the organization needs not just the tool, but also the entire capability that combines people, process and technology. Prepare to dedicate efforts and time to TI. As with many security technologies, the value you get from threat intelligence is related to the effort you put in.”
- “Usage of threat intelligence adds value on all stages of the attack life cycle, enabling what some companies call “intelligence-led security.”
- “Evaluate TI use cases. The organization should carefully evaluate all use cases for threat intelligence — both strategic and tactical — and select those that map to the needs and capabilities (and of course, maturity levels) of the organization.”
- “On a high level, all security organizations can benefit from knowing more about the threats they face. However, given differences in risks and available resources, organizations may limit their involvement with threat intelligence at different levels of maturity.”
The other paper is centered around threat assessment: “The threat assessment process makes use of threat intelligence in order to determine which threats are relevant to an organization. It identifies threat types, specific threats and even explicit threat actors to include in risk management processes.”
Some fun quotes follow:
- “Threat assessment is most critical to those organizations that must prioritize resource allocation for dealing with advanced and targeted threats.”
- “IT security, physical security, fraud, legal, human resources, compliance and other internal groups all have valuable knowledge that may help coordinate efforts on some aspects of threat assessment.”
- “Establish a repeatable threat assessment process that looks at threat capabilities and intents and then relates them to organizational resources, processes and personnel. Use threat intelligence to fill the gaps in your knowledge and visibility.”
- “Factor threat assessment results and ongoing threat intelligence activities into risk management and security programs in general. Reliable intelligence on how and why threat actors attack a given type of organization should be used to optimize protection against those attacks or to deter them in the first place.”
Blog posts related to threat research project:
- Threat Assessment – A Tough Subject (And Sharks with Fricking Lasers!)
- On Threat Intelligence Management Platforms
- How to Use Threat Intelligence with Your SIEM?
- On Internally-sourced Threat Intelligence
- Delving into Threat Actor Profiles
- On Threat Intelligence Sources
- How to Make Better Threat Intelligence Out of Threat Intelligence Data?
- On Threat Intelligence Use Cases
- On Broad Types of Threat Intelligence
- Threat Intelligence is NOT Signatures!
- The Conundrum of Two Intelligences!
- On Comparing Threat Intelligence Feeds
- Consumption of Shared Security Data
- From IPs to TTPs
- All posts tagged threat intelligence
Previous posts announcing research publication:
- My Updated Vulnerability Management Practices Paper Publishes
- My Security Solution Paths Published: Threats and Vulnerabilities
- All My Research Published in 2013
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.