By Zane Pokorny on May 15, 2019
Regardless of your security role, threat intelligence performs a useful function — but only if it’s actionable and timely. Alerts are meant to keep you informed, but if they lack transparent sourcing or are irrelevant, they’re just distractions. That said, making sure alerts are useful can take a lot of time, effort, and experience when done manually.
To make alerting easier, Recorded Future developed the Intelligence Goals Library. It has use cases for every security role, already preconfigured and in one place. With it, activating new or relevant alerts is simple, and it’s just as easy to deactivate them if they’re no longer relevant to your organization.
There are seven security roles in the Intelligence Goals Library — threat analysis, incident response, vulnerability management, security operations, risk analysis, fraud, and security leadership. Each role has its own Intelligence Goals, and there are over one hundred use cases within those Intelligence Goals.
Use cases send you real-time alerts that include transparency into sources, which allows you to quickly research an alert and understand why it was sent. Because use cases are preconfigured and automated, the focus stays on intelligence requirements already aligned with established best practices rather than the detail work of setting up custom alerts and queries.
The Intelligence Goals Library also includes Watch Lists, which are custom, configurable lists of your organization’s assets. With Watch Lists, you have a central point to customize alerts to be specific to your organization.
In this blog post, we’ll explore how security professionals who are doing risk analysis can use the Intelligence Goals Library to get the right alerts.
Intelligence Goals for Risk Analysis
Intelligence Goals under the risk analysis security role help you assess third-party information security competence and identify third parties that introduce elevated risk to your organization.
Evaluating and managing third-party risk is an essential part of security today. Every industry relies on third parties for some supply or service, and especially in an era of ongoing digital transformation, the distinction between your own network and that of your third parties is becoming blurrier. With company data in the cloud and a proliferation of internet-connected devices, the threat landscape is quickly expanding.
The traditional approach to managing third-party risk usually involves static assessments like financial audits or examinations of an organization’s security controls. That’s helpful, but it doesn’t say anything about the actual risk of threat actors targeting that organization. Quantifying risk with threat intelligence is an essential next step.
Real-time, automated threat intelligence on third-party risks gives you information on how and when the threat environment changes. This can mean the difference between knowing you’re exposed to a vulnerability in your supply chain and getting attacked through a vector you weren’t even aware of. We’ll explore a few alerts in the risk analysis category of the Intelligence Goals Library to see how.
Risk Analysis Intelligence Goals and Their Use Cases
The Intelligence Goals within the risk analysis section of the Intelligence Goals Library include 14 use cases.
1. Third-Party Risk
Set up alerts on changing company risk scores and trending companies both locally and globally so that you can get immediate updates on when your partners, suppliers, and other third parties that you work with are flagged in the news.
With transparency into the sources, these alerts provide more context than a simple change in risk scoring, helping you determine what action needs to be taken.
2. Supplier and Partner Trends
Set up alerts on trending attackers, their methods of attack, and who they’re targeting among your suppliers and partners. Get a threat view on your suppliers and partners, and receive alerts when they’re breached or otherwise disrupted.
A breach for a third party can easily affect you when you share or host sensitive data like log-in information with them, making this kind of real-time alerting essential for keeping up with attacks that occur outside of your own network, but can still impact your organization.
3. Competitive Research
Get alerts on the financial reports of your competitors and other related information, helping you stay aware of changing trends in your industry.
Do you want to see firsthand how the Intelligence Goals Library makes threat intelligence easy? Take a tour now.