Many cybersecurity organizations are of the opinion that threat intelligence can prevent, or if not prevent entirely at least lessen, the impact of successful breaches.
While this is likely true, I don’t think every organization automagically benefits from threat intelligence. In fact, having threat intelligence fed into an immature organization won’t likely do much good. Bad decisions can be made on bad information, and even good information can cause trouble when it can’t be properly acted upon. To be able to effectively act on threat intelligence, enterprises need a number of capabilities in place. Here are three:
A good response capability. Imagine information comes in that attackers are targeting your industry, and they are doing so by exploiting certain vulnerabilities in a commonly used application in the industry – but there’s no established way for the organization to respond. Who is responsible for hardening the application? The security team? Operations? If it’s a small organization is it the developers? A little bit of everyone? Who makes sure what changes need to be done are actually done? There’s no sense in investing in threat intelligence if there’s no way to respond intelligently.
Possess a healthy postmortem culture. Not only do organizations need to be able to respond to new threat intelligence, they also need the processes – and the culture – to be able to analyze how well they responded to the new information. This means looking at what worked – and what didn’t work, with the process designed to be empathetic to help those improve who didn’t respond as well as possible. It’s important to also regularly evaluate how the program remains aligned with business objectives.
Obtain an accurate handle on assets. The nature of the IT environment, business value of applications and data need to be completely understood if an organization is going to be able to adequately respond to new threat intelligence. After all, if an organization does not have awareness about the nature of the enterprise IT infrastructure, applications, and where data resides it is pretty inconceivable that they’d be able to understand threat intelligence data and how it changes security posture.
These three capabilities enterprises must have in place before they adopt threat intelligence aren’t hard and they are most certainly implementable. Unfortunately, however, too many enterprises that attempt to implement threat intelligence just forge ahead without laying such a proper foundation.
Despite this, Grand View Research predicts considerable investment in threat intelligence in the years ahead:
- The global threat intelligence market accounted for USD 3,028.9 million in 2016 and is expected to grow at a CAGR of 17.4% from 2017 to 2025
- The demand for incident forensics is estimated to reach USD 1,254.8 million by 2025 and is expected grow at a high rate over the forecast period.
- BFSI emerged as the largest application segment and is estimated to generate revenue over USD 3,282.0 million by 2025.
- Threat intelligence demand in manufacturing applications is anticipated to witness moderate growth over the forecast period.
- The Asia Pacific market is projected to witness substantial growth over the next decade owing to growing adoption of threat intelligence solutions on a large scale. The regional market is expected to grow at a CAGR of 21.1% from 2017 to 2025.
It’s good to see that enterprises want to make more intelligence decisions when it comes to their security defenses and investments. And if they don’t have good intelligence, it’s tough to imagine that they’d be making great security decisions. Likewise, if the right foundation isn’t in place it’s just as difficult to see anyone being able to reap the benefits from their threat intelligence efforts. And if they want to start fully benefiting from their threat intelligence they need to make sure the right foundation is in place.