Don’t Get Caught Off Base: Make Threat Intelligence a Security Imperative

“Offense wins games, but defense wins championships.” You’ve probably heard this old adage with respect to professional sports, but the proverb can also shed light on the importance of threat intelligence in cybersecurity operations, where weak defense can result in much more costly repercussions than a home run by the opposing team.

When it comes to protecting your organization, a security operations center (SOC), like a good baseball team, needs a strong defense to prevent attackers from scoring, predict the offense’s next move and proactively hunt for threats. To do so, security teams need to understand the different types of threat intelligence and the value that each contributes to the decision-making process at different levels of the enterprise.

Make Your Draft Picks

All SOCs are not created equal. They come in different shapes and sizes, but they all share the goals of protecting their organization and fighting malicious actors. The right threat intelligence at the right time empowers your team to block attacks in real time and helps mitigate the risk of attackers affecting your brand and reputation. So how do you choose the right threat intelligence for your organization?

Right off the bat, the threat intelligence landscape is complex. Offerings are plentiful and confusing, and there are many variables unique to your organization and industry that you should consider. Without clear goals and objectives, the task may seem daunting, but it can be simplified once you understand how to maximize the three types of threat intelligence: tactical, operational and strategic. Let’s dive in to each type so you can begin formulating a winning threat intelligence strategy that covers all your bases.

Defend Against Stolen Bases With Tactical Intelligence

Numerous external and internal threats expose your organization to threats on a day-to-day basis. Some of these turn out to be false positives while others turn into successful attacks. Without proper context, the vast amount of information available to your team to monitor threats can be overwhelming, and too many false positives can fatigue your analysts and cloud their judgment to identify real threats.

Tactical threat intelligence is technical data obtained from daily monitoring and analysis. This helps your security team detect and prevent unknown attacks. With this type of intelligence, analysts can better differentiate between potential threats by using indicators of compromise (IoCs) such as IP addresses, URLs and hashes. Tactical threat intelligence empowers your SOC to make immediate decisions to act against real-time threats that pose a significant risk to your organization.

Throw a Curveball at Attackers With Operational Intelligence

With repetition and practice, professional athletes improve on their game. The same is true for your security team. With experience, analysts can develop the skill of identifying threat patterns and attacker methodologies to proactively hunt for threats, leading to a stronger defense and more effective incident response.

Operational threat intelligence is a combination of technical data and profound analysis of threat groups, malware families, and tactics, techniques and procedures (TTPs). This type of threat intelligence will help your organization make better day-to-day decisions on task prioritization, threat mitigation and resource allocation.

Three Strikes, You’re Out With Strategic Intelligence

The beauty of sitting in the nosebleed section is that you get a bird’s-eye view of the game. Strategic threat intelligence is similar in that it’s most valuable to the highest levels of your organization, and it impacts critical companywide decisions. This type of threat intelligence is a real team effort; although it’s nontechnical in nature, it typically builds on top of tactical and operational threat intelligence.

Strategic threat intelligence explains the motivations of attackers, identifies future trends and considers current geopolitical events. With this information, executives can make informed decisions to mitigate future risk by enhancing security through refined organizational structure, improved internal processes and policies, and increased spending on resources and capabilities.

Hit Your Threat Intelligence Program Out of the Park

Now that you have a basic understanding of threat intelligence and how it adds value to the decision-making process at different levels of an enterprise, you can set your goals and objectives and use them as a filter to evaluate, compare and select the right combination of threat intelligence. Every organization is unique, but with the right resources in place, your team will be ready to play in the big leagues.

Watch the on-demand webinar, “Threat Intelligence, Cover Your Bases”

Paola Miranda

Product Marketing Manager, IBM