IDG Contributor Network: The new definition for threat prediction

In “Redefining threat prediction,” I discussed the various ways “prediction” is often misunderstood when discussed as a part of security tools, and three ways security analysts can address these misunderstandings. Now I would like to focus on how security teams can begin mapping this new understanding of security prediction into a practical framework that can be tailored to suit the needs of any organization. First, let’s revisit the concept of prediction.

Seeing the future

Here’s a quick thought exercise for you. Tell me what happens next: one of your business-critical, internet-facing web servers has a known, critical vulnerability. What happens in the next day, the next week?

Your response to that question is rooted in your experience, knowledge and your business’ mission. Given just a little bit of information, you probably devised questions and answers in your mind. You anticipated lots of things – emails, phone calls, you and your team making small and large decisions, meetings – lots of meetings.

This is a silly example, but my point is that we can see the future when our expectations are concrete. The concreteness comes in part from two basic, overly simple principles: anticipation (of risk or reward) and decisions (based on context).