Security Intelligence Handbook Introduction: A Complete Picture of Security Intelligence

October 22, 2020 • The Recorded Future Team

Editor’s Note: Over the next several weeks, we’re sharing excerpts from the third edition of our book, “The Security Intelligence Handbook: How to Disrupt Adversaries and Reduce Risk with Security Intelligence.” Here, we’re looking at the book’s introduction, “A Complete Picture of Security Intelligence.” To read the entire section, download your copy of the handbook, today.

By now, you’ve likely heard of security intelligence, but you may still be fuzzy on what exactly this term means.

As you explore the new edition of “The Security Intelligence Handbook,” you’ll get a clear picture of the many different ways security intelligence empowers teams to collaborate without friction and maximize efficiencies. First, let’s explore what security intelligence means:

Definition of Security Intelligence

“Security intelligence is an outcomes-centric approach to reducing risk that fuses internal and external threat, security, and business insights across an entire organization. It easily scales up and down to match the organization’s size, maturity, and specific needs.”

If you’ve been following Recorded Future for a while, you may recall previous handbook editions centering on “threat intelligence.” In this introduction chapter, you’ll learn why cybersecurity experts and IT groups have shifted away from this conception, embracing “security intelligence” as a broader, more accurate term for this proactive approach to disrupting adversaries.

You’ll also come to understand why customization is at the heart of a comprehensive security intelligence program. As Recorded Future’s chief of product and engineering Craig Adams describes, “Security intelligence needs to be purpose-built to offer not only security professionals, but also professionals within all sectors of a business, the ability to pick and choose what areas of risk are critical to their organization at that time, and pull what levers are necessary to manage and proactively defend themselves.”

This introduction, which has been edited and condensed for clarity, explores what’s new in “The Security Intelligence Handbook,” and what you can expect to take away from reading the third edition.

A Complete Picture of Security Intelligence

Like the blind people surveying the elephant in the fable, most people have only a limited understanding of security intelligence because they have only come into contact with one aspect of it.

You might have heard that security intelligence involves collecting data from a wide variety of sources, including the dark web. You may know that it combines that data with insights from cybersecurity experts, and distills the data and insights into intelligence for IT security professionals. You might work with threat feeds or weekly reports about attacks on the network, or even expert analysis of cyber risks. However, it’s unlikely that you entirely appreciate the wide range of roles and functions that security intelligence supports, all of the ways it protects organizations and their assets, or its full potential for reducing risk.

This handbook will give you a complete picture of the elephant. The beginning provides an overview of security intelligence and the phases of the security intelligence lifecycle. The middle of the book examines the specific ways that security intelligence strengthens six critical security functions and their workflows. The final chapters deal with management and implementation issues, like using security intelligence to evaluate risk and justify investments, and how to build a security intelligence team.

By the end, you will understand how security intelligence amplifies the effectiveness of security teams and security leaders by exposing unknown threats, clarifying priorities, providing data to make better, faster decisions, and driving a common understanding of risk reduction across the organization.

From Threat Intelligence to Security Intelligence

Until recently, the topics discussed in this book were commonly known as “threat intelligence.” In fact, the previous release was titled The Threat Intelligence Handbook, Second Edition.

However, the term “threat intelligence” is generally associated with information about threats to traditional IT systems controlled by the organization. This conception of the field is far too narrow.

Innovative threat actors continuously probe for weak points and develop new ways to penetrate or circumvent traditional IT defenses. They steal credentials from trusted third parties and use those to burrow into corporate systems. They harvest personal information from social media platforms to produce convincing phishing campaigns, and create typosquatting websites to impersonate brands and defraud customers. They plot cyberattacks and leverage physical events against remote facilities around the world. They devise attacks that, without prior warning, are undetectable by conventional IT security solutions.

Forward-thinking cybersecurity experts and IT groups have realized that they need to take the battle to the threat actors by uncovering their methods and disrupting their activities before they attack. This realization has prompted them to expand their intelligence programs to include areas such as third-party risk (exposure through vendors, suppliers, and business partners), brand protection (the ability to detect and resolve security issues that threaten an organization’s reputation), geopolitical risk (threats associated with the locations of physical assets and events), and more.

Now, experts and vendors are using the term “security intelligence” to encompass everything that was previously called “threat intelligence,” as well as the newer areas of the field. That is why the book you’re reading right now is titled The Security Intelligence Handbook.

You may also notice that we have revised and reorganized material from earlier editions to align with the concept of security intelligence. For instance, we:

  • Sharpened our focus on how security intelligence strengths six major security functions
  • Explored new use cases and examples of ways to utilize security intelligence for activities such as incident response and proactive threat hunting
  • Expanded the discussion of brand protection
  • Added a new chapter on geopolitical risk
  • Added a discussion of how to use a Threat Category Risk (TCR) framework to quantify threats based on monetary impact to an organization

We hope this handbook will empower you to disrupt adversaries and reduce your organization’s risk — or at the very least, stimulate new ways of thinking about what it means to be a defender in the current landscape.

Get “The Security Intelligence Handbook”

This introduction is one of many chapters in our new “Security Intelligence Handbook” that explains the different ways to disrupt adversaries and reduce risk with security intelligence at the center of your security program. Subsequent chapters explore different use cases, like how intelligence benefits vulnerability management, SecOps, third-party risk management, security leadership, and more.

Get your copy of “The Security Intelligence Handbook,” now.

New call-to-action