The Hard Truth about Cyberthreat Intelligence
New cyberthreats emerge every day. Long gone are the days of throwing a firewall on a network and adding antivirus, then calling it a day. Cybercriminals consistently add new threats, and to stay ahead of the bad guys, many in the industry have moved toward using cyberthreat intelligence feeds, reports, and services. However, these threat intelligence feeds can bring several problems. Read on to find out more about them—and what you may want to do instead.
Threat Intelligence: Drinking from the Fire Hose?
There is an abundance of threat intelligence feeds on the market today. Some use only publicly available data, while others use private data. Some are targeted at specific regions. Others focus on industries like government or commerce.
While it’s true you have options, you need to think strategically about which feeds you need to fully cover your clients. If you have clients in multiple industries, this could get overwhelming (and costly). To top it off, with threat intelligence services being relatively new in the marketplace, you must have the cybersecurity knowledge to judge the feed’s quality before you even make a purchase. You often don’t know how useful it will be until you buy it.
Beyond that, the feeds can be overwhelming and hard to operationalize. According to a study from the Ponemon Institute, “Only 41% of respondents claimed their organizations were effective in operationalizing their threat intelligence feeds.” The same report claims one major roadblock is that “Threat intelligence data continues to be too voluminous and complex to be actionable.”
The Value of a Platform
Truthfully, the value of threat intelligence sits within the greater context of your overall security program. It’s only one tool within a larger arsenal—and if that tool is hard to use or too complicated, it defeats the purpose and won’t enhance the value of your other cyberdefenses.
Instead, look to services and platforms that help you place this threat intelligence within the broader context of your full security strategy. Try to choose a threat detection and monitoring platform that leverages multiple intelligence feeds to help detect threats and sound alarms. The threat monitoring solution can automate much of the process and help place your threat intelligence into context alongside other data, like logs. You can then use this information to detect threats and remediate them as soon as possible.
In short, threat intelligence feeds are rarely useful on their own. They need to be placed within their proper context. This often requires a full platform that can not only simplify the data enough to separate the signal from the noise, but also help you turn that information into actionable steps.
SolarWinds Threat Monitor
This year, SolarWinds released SolarWinds® Threat Monitor, designed to help businesses and MSSPs simplify their threat detection and monitoring activities. It uses multiple threat intelligence feeds—including vulnerability feeds and domain and IP reputation databases—to monitor for both known and unknown security threats. It does this in combination with simplified log correlation, intrusion detection, and SIEM components. You won’t have to decide whether individual threat intelligence feeds are worth the subscription—SolarWinds vets them for you and bubbles up the important information. In other words, it’s security simplified.