September 23, 2020 • The Recorded Future Team
Threat intelligence has huge potential to help organizations make better security decisions and reduce cyber risk.
However, intelligence and security teams are often siloed, and intelligence outputs can lack relevance to the audiences they serve. As a result, the response to intelligence can be slow — if it comes at all.
This is where elite security intelligence comes in.
Security intelligence is the application of intelligence across the security function. It empowers organizations to realize operational improvements and reduce cyber risk by embedding intelligence into security their workflows.
To shed some light on what security intelligence means for your organization, we asked senior leaders from Recorded Future to identify some things that most people don’t realize about security intelligence.
#1 Security Intelligence Gives You Superpowers
Most people in operational and leadership positions make decisions based on their own expertise and experience. They rarely have access to insights that would improve the outcomes of their decisions. Security intelligence puts insights that have historically been out of reach directly into their hands.
“Suddenly, you can read in multiple languages.” — Karen Levy, VP Product & Client Marketing
A powerful security intelligence solution like Recorded Future collects data from a broad range and variety of sources and uses powerful analytics to turn previously unusable information into genuine insights that inform business decisions. Recorded Future uses natural language processing to ingest information in any language and provide insights in the user’s native language.
“Security intelligence makes it fast and safe to access dark web intelligence.” — Karen Levy
While there are dozens of potential sources of useful insights on the dark web, It’s not safe or practical for most people to go digging around there in search of intelligence. A security intelligence solution breaks down the barriers to access these insights, making it safe and easy for analysts to benefit from them.
#2 Security Intelligence Turns Security Into a Business Driver
Most organizations considered cybersecurity a cost center — a function that consumes a lot of resources without contributing to the bottom line. Security intelligence changes that — enabling cybersecurity teams to demonstrate business value in the form of ROI.
“Threat reports are only useful if they impact a business decision.” — Levi Gundert, SVP Global Intelligence
Intelligence for the sake of intelligence is simply not worth pursuing. Instead, security intelligence is concerned with identifying relevant issues and producing insights that support fast, informed decision making throughout the organization.
“Security is a business function. It has to justify its existence with a measurable ROI.” — Levi Gundert
As Levi Gundert explains in his book, “The Risk Business,” an effective program for calculating and tracking cyber risk is critical for demonstrating ROI. Security intelligence plays an integral role in forecasting the financial impact of cyber incidents, making it essential for a risk-based cybersecurity program.
#3 Security Intelligence Makes Your Job Easier
It’s amazing how often a new function or solution ultimately consumes more time for operational staff and becomes ‘just something else to manage’. This is the antithesis of security intelligence.
“Security intelligence gives operational staff the insights they need precisely when and where they need them. That means everybody can keep using the tools they already work with, and they don’t have to learn anything new.” — Karen Levy
An effective security intelligence solution integrates with existing technologies, providing insights natively where operational staff are already working. This improves decision-making without adding extra steps or procedural burden.
“Good detection tools get made great with useful, time-sensitive, and low false-positive indicators. A constant stream of fresh insights will help you make the best use of Netflow, DNS, IDS, and all other detection sources.” — Gavin Reid, Chief Security Officer
An alert from a detection tool can help an analyst identify an attack in its early stages. But,prioritizating alerts is a challenge. Integrated security intelligence enriches each alert with contextual information, making it easy to identify and prioritize high-risk alerts.
#4 Security Intelligence Makes Risk Relatable for Everyone
Communicating cybersecurity issues in a language the business understands is essential.
Security intelligence makes cyber risk relatable for any audience, enabling improved understanding of what each threat or insight means for the business.
“Someone who needs to make a business decision doesn’t need technical details. They need to know the ‘so what?’ of the threat so they can make an effective decision.” — Maggie McDaniel, VP Research, Insikt Group
Effective security intelligence is tailored to the audience it serves. For a security analyst, that could mean it includes technical details and indicators. However, for an executive, it means a simple explanation of what the threat is and what impact it will have on the organization.
“Security intelligence turns arcane security indicators into simple, risk-based insights that anybody can understand and act on.” — Maggie McDaniel
It’s not uncommon for cybersecurity functions to become siloed, to the point where nobody else understands what they do. For a cybersecurity function to flourish, it must communicate in a language that makes sense to the business: The language of risk.
Security intelligence is a powerful tool for a business-focused cybersecurity function, because it translates technical security issues into clear, concise, risk-based insights that anybody can use to improve their decision making.
“Not all insights are useful to everyone. It’s important to have a flexible security intelligence solution that can produce insights in a format and level of detail that’s appropriate to each audience.” — Wendy Swank, Senior Solutions Architect
Serving different security intelligence audiences requires careful planning. While an operational team might want a constant stream of insights directly inside existing workflows, leaders and executives may prefer monthly summaries.
Start by asking each audience simple questions like “what data do you need?” and “where do you want that data to live?”. The answers to these questions will determine the format and frequency of intelligence insights they receive.
The Ultimate Security Intelligence Toolkit
Take control of your organization’s security intelligence journey today with the Ultimate Security Intelligence Kit.