Remediation-based, orchestrated, automated and customized threat intelligence is the goal. Most organizations have a few steps to go before reaching that goal. Cyber Security executives have realized that raw data is not intelligence. The discipline is not called Threat Raw Data, it’s called Threat Intelligence. Global corporate enterprise cyber security executives must move past a collective present ‘feed-based’ mindset.
SIEM solutions have been improving, but at their base lack a response capability. SOAR solutions do answer the response missing in base SIEM solutions, but industry executives note that all solutions do not actualize the promise being offered by most SOAR providers.
While automation might happen with the click of a button, the quality of the data going in will determine the quality of the data coming out. But that’s just the data. The talent needed to work with the data going in and coming out- along with the continual tweaking of the automation tool itself must be in-house. So while one of the promises of automation is to reduce cost, adding automation-focused talent is necessary in order to gain true threat intelligence for the enterprise.
In moving past the feed-based mindset, the context of the evidence-based data being offered must be known. Sharing insights within the community is of paramount importance. The assessment of the insights coming out of that data can become proven organizational knowledge. That knowledge needs to be orchestrated so that action-based response and ultimately remediation can occur.
To ensure the cyber security community achieves this end-goal, please join us at the Cyber Security Digital Summit: Threat Intelligence APAC on 30 - 31 March 2020!