Security News

People have preconceived notions of what threat intelligence is, so they make assumptions in conversations and those assumptions are rarely thought about, much less discussed. The assumption and filter is that threat intelligence equals external threat data.

The purpose of threat intelligence is to collect data from a variety of sources outside of the organization's perimeters and generate intelligence on what is happening "Out there", enriching the organization's security operations. Threat intelligence provides visibility that extends beyond the organization's perimeters - and this visibility is based on the vendor's coverage on intelligence sources.

The growing volume and complexities of cyber threats present a compelling case for adopting threat intelligence platforms, a Frost & Sullivan analysis finds. These solutions help organizations navigate the ever-increasing threat landscape and allow for further analysis and threat intelligence operationalization.

Cyber threat intelligence sharing is a critical tool for security analysts. Common challenges for beginning a cyber threat intelligence sharing program.

iProov has launched the world's first system of global threat intelligence for biometric assurance. iSOC's threat intelligence provides forewarning of major new attacks and enables iProov to prepare and defend against them.

Netskope announced the Cloud Threat Exchange, one of the industry's first cloud-based solutions for the ingestion, curation, and real-time sharing of threat intelligence across enterprise security enforcement points. Any certified, partner, vendor, or customer may use Cloud Threat Exchange to automate the delivery and distribution of high-value, actionable threat intelligence, thus reducing the time to protection and eliminating gaps in coverage.

Some intelligence services focus their efforts on identifying threat actor groups and attack methods, informing their customers whether they are targeted or not. Some terms are beginning to emerge to better define intelligence offerings, with the most prominent one being Digital Risk Protection, or DPO. While it is used by many vendors to describe services designed to identify external threats, it does often time seem to include the traditional "Threat intelligence" as part of the vendor's offering, such as malware IOCs, blurring the lines between the two terms.

The Trustworthy Accountability Group announced the hiring of Danielle Meah, former Global Head of Threat Intelligence for Citigroup, as TAG's first Director of Threat Intelligence. In her new role, Meah will lead the TAG Threat Exchange and work with the industry to foster an effective threat-sharing culture.

The advantages of having decent threat intelligence in place are many and various, as the threat landscape continues to widen year-on-year. The problem, as with any complex big-data project, is cutting through the inevitable data deluge to correctly identify the bits you need - the people, places, technology, and other moving parts to build the picture.

In May 2019, Flashpoint CEO Josh Lefkowitz shared in SecurityWeek tips for evaluating threat intelligence vendors that cover the deep and dark web. I wanted to look at the entire threat intelligence space and provide some thoughts on how to evaluate the best vendors for you.