Security News > 2021 > February > Elevate the Value of Threat Intelligence in the SOC

More organizations are producing and consuming cyber threat intelligence than ever before, and those measuring the effectiveness of their CTI programs is higher than ever - jumping from 4% in 2020 to 38% in 2021, according to the SANS 2021 Cyber Threat Intelligence Survey.

A few areas where CTI adoption seems to be lacking are in integration, automation and operationalizing threat intelligence.

SIEMs were never designed to handle the full threat intelligence management use case or integrate with and handle the volume of data from modern security tools and technologies, like Endpoint Detection and Response, Network Detection and Response and Cloud Detection and Response.

Changing risk scores and prioritizing threat intelligence based on parameters they set around indicator source, type, attributes and context, as well as adversary attributes, allowed them to automatically filter out what's noise and focus on what really matters to the organization rather than wasting time and resources chasing ghosts.

They could see who else within the organization needed to consume and understand this data - the network security team, threat intelligence analysts, threat hunters, forensics and investigations, management, etc.

From tactical intelligence that can be used to create block lists or deploy signatures, to operational intelligence on what techniques are used and tools to watch for, and strategic intelligence to identify possible threat actors and what they are after.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/gcT-WY9zE-8/elevate-value-threat-intelligence-soc