Little do we realize how important security intelligence is in the everyday life of a security manager or executive. One of the major challenges these professionals face is compiling log data from various sources to create reports that demonstrate compliance and pass audits. These reports could also show how secure an organization is from threats and substantiate adherence to industry regulations.
Reports, Compliance and Trade
Let’s use the example of two countries — Wonderland and Republic of Fun — going into a diplomatic trade agreement with each other. A clear agreement between both countries would be an effective way to minimize threats and avoid disputes. So, before entering into said arrangement, both countries would need strategic analysis on the pertinent trade plans, such as:
- What is the exact nature, quantity and quality of the goods to be traded? Are these terms acceptable and appropriate for the alliance?
- What are the currency terms and how will they be facilitated?
- Are both countries currently seeing stable infrastructures? What are the risks if one infrastructure shifts?
- How secure is the trade environment (pirates on the seas, cougars in the mountains, unsafe borders, weather anomalies, etc.), and what are the risks to goods, people and time for each trade?
- What audit rights should be agreed upon? Who performs any needed audits?
- What country-specific regulations do both parties need to agree to, be aware of or comply with?
- What dispute resolution provisions need to be made?
While researching the above issues, Wonderland and Republic of Fun must come up with an optimum solution that’s profitable to both sides. Of course, much will depend on the specific type of trade pact and the individual policies adopted, so they would still need to iron out details. But the analysis reports and briefs would enable each of the country leaders to determine whether or not a trade agreement is logical.
How Does Security Intelligence Fit In?
As the dimensions, alacrity and complexity of international trade increases, the need for heightened security and oversight also grows. Where an analyst report would have sufficed in the past, an exhaustive narrative is needed now. In recent years, the globalization of trade has required an expanded purview of the analyst report in order to ensure methodical implementation of the terms, proper collection of duties and the fray of transnational crime.
In a similar way, security intelligence tools such as security information and event management (SIEM) solutions compile cohesive reports for the heads of organizations, providing context across an extensive range of sources. This can:
- Reduce false positives;
- Tell users not only what has been exploited, but also what kind of activity is taking place;
- Provide quicker detection and incident response.
Cybercriminals have begun to strategically target companies over a period of months or even years to steal data and intellectual property. These advanced persistent threats (APTs) have forced businesses to take a more holistic security approach that enables administrators to uncover new threats based on patterns of activity. Along with identifying these patterns, security intelligence can also validate the organization’s policies to ensure they are compliant with industry standards and government regulations.
SIEM tools effectively provide integrated reports of meaningful information by leveraging log data to establish very specific context around each potential area of concern. They also execute sophisticated analytics to accurately detect unusual situations. This data comes from individual security products as well as sources such as network device configurations, servers, network traffic telemetry, applications and end users and their activities.
Download: IT Executive Guide to Security Intelligence
Portfolio Marketing Manager for Security Intelligence, IBM