Gartner Blog Network

How to Grow to Strategic Threat Intel Consumption?

by Anton Chuvakin  |  August 24, 2016  |  5 Comments

Here is a bitchingly hard question: how to get organizations to move up the maturity scale of using threat intelligence (TI), from blindly [ok, not always blindly] dropping indicator feeds into tools to [at least] appreciating and utilizing strategic threat intelligence?

Now, a cynicist [and …well…aren’t we all?] may say “why help people who won’t help themselves?” For once, this is my job 🙂 But more importantly, there seem to be enough organizations that want to get there, but don’t see a path – so we can provide that.

In essence, how to teach people addicted to instant noodles to appreciate caviar? BTW, my esteemed colleague have used the caviar metaphor first in his recent TI paper, but as a native Russian I totally own all caviar metaphors! 🙂

So, I touched on why they may not be using better intel in the past, but now the question is: how to get them to? BTW, we are NOT talking about the internally-sourced intel, its value is of course indisputable, but the effort is generally even higher than what we are talking about in this post.

Here is an idea of how to start the journey: look at this TI use cases table. Specifically, the column on strategic intel. Pick ONE box, say “Security architecture and monitoring planning based on long-term threats and relevant actor capabilities” and find THREE ways how it is valuable to your organization. Convinced? Then start doing it… BTW, Augusto has great additional ideas here in this post.

P.S. If this seems incomplete, you are not wrong … as usual, we have to save enough juicy stuff for our upcoming TI paper

Blog posts related to threat intelligence:

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: security  threat-intelligence  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio

Thoughts on How to Grow to Strategic Threat Intel Consumption?

  1. Andre Gironda says:

    If you want people eating cardboard to start appreciating caviar then a start might be to get them to dress, think, and act differently.

    1) Change the name; change the game: Drop the term infosec. Utilize the terms Cyber Operations (Cyber Ops), Cyber Defense, and Cyber Investigations. This doesn’t mean you have to stop using ISO 27k but it does mean that you’ll start using NIST CSF.
    2) Develop, document, and get sign off regarding the mission, vision, and values. Put it in a charter and get full-executive support.
    3) Enact governance with respect to the quantification of risks for senior-management reporting. The quantification must show what and how to invest. Prioritize actions based on return on mitigation.

    • Sorry for a delayed response; a writing deadline looms. Thanks for a great comment re: the name. But risk quantification? Really? What would stop this from being an exercise in calling rnd()?

  2. Sydney Tran says:

    Hello Anton – is there an easy way to subscribe to your blog?

  3. […] How to Grow to Strategic Threat Intel Consumption? […]

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.