All is naught if the talent is not embedded in the enterprise. Evaluating internal talent to ensure the right mindset is working on organizational threat intelligence is important. Some suggest that each cyber security threat intelligence operation would benefit from having a veteran of the armed services with an intelligence background. With limited cyber security expertise available, alternative sources of talent are necessary.
Investigating current feeds to ensure action has been taken at some point is cogent business practice. If there is no signal to the noise, the feed is not intelligent- it’s not even information, it is taking talent away from actual security activities thus making the enterprise more vulnerable and less secure.
Actionable information makes for quality intelligence. Once true threat intelligence is coursing through the veins of the organization, a next step is automation. To automate prior to knowing that the intelligence is quality is simply speeding up bad decisions and providing the potential for exponential growth of bad decisions.
Threat hunting is all the rage. And of course, a forward-leaning posture is necessary in 2021 cyber security. While many are diving into threat hunting- few do it well. And even fewer have the discipline in a state where it could be automated with positive effect.
Getting to a point that automated response and remediation information so the organization can make cogent decisions on how the threat intelligence is actually thwarting threats is enterprise nirvana.