Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “The Threat Intel Market…Exposed”, 2) “Threat Data vs. Threat Intelligence” and 1) “Shadow Threat Intel Slides from CarolinaCon 12”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference. A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered remote-access.
The Threat Intel Market … Exposed: Saw this post today over on CSO Online very accurately describing what is going on in today’s world of threat intelligence. Put bluntly … most vendors are not selling threat intelligence. Instead I would call it threat data, which lacks the context needed to be considered intelligence. Without context its difficult for an organization to use any of this data effectively. And in some cases shifting resources away from more relevant activities to dealing with the slew of FPs that arise from irrelevant threat indicators can make things worse. If you are going to invest in threat intel, the best bang for the buck would be hiring smart people to create it yourself with data from your own network. And even then it takes a lot of hard work and analysis. (continued here)
Threat Data vs. Threat Intelligence: Following up on our post the other day, we found this great example of the difference between threat data (as in all those “feeds” with indicators) and threat intelligence on Black Hills’ security blog. Basically intelligence is data with context. Creating intelligence from data often involves understanding each indicator within the larger narrative of an attack. And organizations today are using standardized kill chains as that attack narrative. Start mapping enough of these attacks together via indicator placement within the kill chains and soon trends start to emerge. These similarities lead to attacker TTPs … otherwise known as intelligence. Got it? Below is the relevant part of the Black Hills post. (continued here)
Shadow Threat Intel Slides from CarolinaCon 12: Just a quick post to get the slides out from the presentation I gave this morning at CarolinaCon 12. Thanks to the CarolinaCon team for having me! (continued here)
Hope everyone had a wonderful week! Have a great weekend!