We look at threat intelligence as the active, selective gathering of multiple threads: The latest malware variants, a new twist on ransomware, some nefarious innovation on social engineering, DDoS stratagems, to name a few. These services are as different from old-school security feeds as sprinkler systems are from fire hydrants. Security feeds vacuum up (and disperse) everything in their wake; threat intel is, well, more intelligent, not to mention curated and customizable.
One of Dark Reading's columnists summed up the difference more succinctly: There's data, and then there's information – in the case of threat intel, it's specific data that allows users to gauge exposure and risk, then act accordingly. Business, government and non-profits see the value of threat intel; global service revenue is forecast to top $5.8 billion by 2020, according to Markets and Markets.
But the set-and-forget mentality is an occupational hazard in all of IT; seasoned infosec professionals understand the security landscape changes too quickly to relax for very long. So here are some flash points to help guard against complacency with threat intel, and maybe even raise your organization's security IQ.
What's worked for you and your organization? What's overblown marketing hype? We know you won't be shy about letting us know in the comments section… let us hear from you.