August 12, 2019 By Eddie Humphries

Every so often, a new phrase or buzzword does the rounds for a bit before it goes off to join the other forgotten buzzwords in the sky, only to be recalled at corporate parties for a laugh, or to gauge how long someone has been in the trade. However, a select few remain firmly embedded in the security lexicon because of the way they continuously enrich our lives and businesses. Security intelligence is a phrase with such staying power.

What Is Security Intelligence?

Security intelligence is actionable threat data compiled from security information and event management (SIEM), user behavior analytics (UBA), log management, and other tools and sources to aid incident response planning and decision-making around data breaches.

It’s all in a day’s work for security professionals, but what does all that security data mean to your business leaders?

Imagine your chief operating officer (COO) strolls up to your desk and asks you, “How fit are we on our security intelligence?” If they are like the COOs I’ve worked with, they’ve done a bit of homework before approaching you with this question. No amount of techno-babble, hand waving or staring off into the distance like Jack Sparrow will get you through this conversation — it’s not like we’re talking about encryption, after all.

A few things might run through your head at this point. You might think to yourself, “The board must’ve heard another buzzword at a conference, and now they want me to tell them what it is,” or, “Clearly, this is the new name for the logging and event management we’ve been doing for ages.” Well, yes and no.

Yes, security intelligence is a relatively new buzzword that has made its way into executives’ vocabulary.

Yes, you have been collecting logs and events for ages, and every now and then — in an increasingly worrying trend — something hits a threshold that makes you wonder, “Now, what’s going on there?”

Yes, you are going to have to explain it and assure top leadership that you are on top of it.

However…

No, the way you have operated for all these years is not enough to keep up with the evolving cyberthreat landscape. Looking at logs and events in isolation is inadequate because the chain of attacks has morphed into something that is beyond traditional thinking and technology.

And no, security intelligence isn’t going away. In fact, I wouldn’t be surprised to see a surge in job postings for information security intelligence professionals in the near — if not immediate — future.

What Does a Successful Security Intelligence Program Look Like?

To put it simply, you need to be able to consume, analyze and assess the vast amount of security information passing through your network. We’re talking network devices, host operating systems, applications, databases, user activity and more.

The analytics must be able to identify, manage and prioritize the threats that pose the most risk, commensurate with the organization’s risk appetite. It’s more than just security information and event management (SIEM) and risk management; it needs to be done in near real time and be capable of automating incident response and compliance.

The world of cybercrime is constantly evolving, and threat actors are growing more sophisticated by the minute. When you’re bombarded with billions of events on thousands of endpoints every day, how can you interpret all that information to reveal threats lurking on your network and targeting your organization?

You need a security intelligence solution that can:

  • Provide full visibility into your network, application and user activity;
  • Identify high-risk threats;
  • Correlate those threats in near real time with behavioral anomaly detection;
  • Detect and understand vulnerabilities; and
  • Determine where high-priority incidents are occurring that would not normally rattle a threshold in the traditional way of using SIEM.

Staying ahead of this wave is difficult, and solutions often seem too big and complicated. Remember, you already have a lot of the answers in place; it’s more a question of how to stitch all that data together to aid decision-making in this ever-changing cybersecurity landscape.
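The difference between per-source thresholds and stitching the same events together can be sketched in a few lines. This is an added example, not from the original article; the events, weights, thresholds and time window are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (seconds, source, entity, signal).
EVENTS = [
    (100, "auth", "alice", "failed_login"),
    (130, "auth", "alice", "failed_login"),
    (160, "auth", "alice", "login_new_geo"),
    (400, "proxy", "alice", "rare_domain"),
    (650, "endpoint", "alice", "new_admin_tool"),
    (900, "dlp", "alice", "large_upload"),
    (120, "auth", "bob", "failed_login"),
    (5000, "proxy", "bob", "rare_domain"),
]

# Assumed per-source alert thresholds (events from one source for one entity).
SOURCE_THRESHOLDS = {"auth": 5, "proxy": 3, "endpoint": 3, "dlp": 2}
# Assumed risk weight per signal type.
WEIGHTS = {"failed_login": 1, "login_new_geo": 3, "rare_domain": 2,
           "new_admin_tool": 4, "large_upload": 5}
WINDOW, MIN_SOURCES, RISK_CUTOFF = 900, 3, 10  # assumed tuning values


def threshold_alerts(events):
    """Traditional view: each source is counted in isolation."""
    counts = defaultdict(int)
    for _, source, entity, _ in events:
        counts[(source, entity)] += 1
    return sorted(k for k, n in counts.items() if n >= SOURCE_THRESHOLDS[k[0]])


def correlated_incidents(events):
    """Correlated view: score each entity across sources in a sliding window."""
    by_entity = defaultdict(list)
    for ev in sorted(events):
        by_entity[ev[2]].append(ev)
    incidents = {}
    for entity, evs in by_entity.items():
        for i, first in enumerate(evs):
            window = [e for e in evs[i:] if e[0] - first[0] <= WINDOW]
            sources = sorted({e[1] for e in window})
            score = sum(WEIGHTS[e[3]] for e in window)
            if len(sources) >= MIN_SOURCES and score >= RISK_CUTOFF:
                if score > incidents.get(entity, (0, []))[0]:
                    incidents[entity] = (score, sources)
    return incidents


if __name__ == "__main__":
    print("threshold alerts:", threshold_alerts(EVENTS))
    print("correlated incidents:", correlated_incidents(EVENTS))
```

No single source reaches its threshold for either user, yet the combined activity for one user across four sources inside the window stands out as an incident.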

You’ll need a strategy to help you get your security intelligence program off the ground, but it’ll likely resemble the one you already have in place, because you should already know your networks, systems and data, and the threat model and attack surface should be in place. From your SIEM tools, you know what your data sources are, have specified events and use cases, and understand your thresholds.

Show How Security Impacts the Bottom Line

Even when threat analysis and risk management are in place, it’s critical to extract the right actionable information to inform the executive decision-making process regarding the reputation, profitability and overall health of the business. How are you measuring the success or value of your tools, reporting and communications? There is no case for improvement without feedback.

The myriad security incidents reported in the press emphasize the need and business case for better, smarter tooling that can respond in an automated fashion using artificial intelligence to analyze huge amounts of data at speed. If you can show why it is important and how it impacts the business’ bottom line, you should have no problem getting increasingly security-aware COOs and business leaders on the same page with your security intelligence strategy.
