Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

1/5/2017
02:30 PM
Terry Sweeney
Terry Sweeney
Slideshows
Connect Directly
Facebook
Twitter
RSS
E-Mail
100%
0%

7 Ways To Fine-Tune Your Threat Intelligence Model

The nature of security threats is too dynamic for set-and-forget. Here are some ways to shake off that complacency.
Previous
1 of 8
Next

Image Source: Pixabay

Image Source: Pixabay

We look at threat intelligence as the active, selective gathering of multiple threads: The latest malware variants, a new twist on ransomware, some nefarious innovation on social engineering, DDoS stratagems, to name a few.  These services are as different from old-school security feeds as sprinkler systems are from fire hydrants. Security feeds vacuum up (and disperse) everything in their wake; threat intel is, well, more intelligent, not to mention curated and customizable.

One of Dark Reading's columnists summed up the difference more succinctly: There's data, and then there's information – in the case of threat intel, it's specific data that allows users to gauge exposure and risk, then act accordingly. Business, government and non-profits see the value of threat intel; global service revenue is forecast to top $5.8 billion by 2020, according to Markets and Markets.

But the set-and-forget mentality is an occupational hazard in all of IT; seasoned infosec professionals understand the security landscape changes too quickly to relax for very long. So here are some flash points to help guard against complacency with threat intel, and maybe even raise your organization's security IQ.

What's worked for you and your organization? What's overblown marketing hype? We know you won't be shy about letting us know in the comments section… let us hear from you.

 

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
michaelfillin
50%
50%
michaelfillin,
User Rank: Apprentice
1/5/2017 | 4:37:49 PM
$5.8 billion
$5.8 billion, really ? Can't trust that
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
1/5/2017 | 11:04:41 PM
Re: $5.8 billion
Michael, I think that makes sense if you look at the breakdown.  Keep in mind that this is a wide-ranging examination and as we in the tech world know, costs are in every nook and cranny.

The scope of the report looks at the whole threat intelligence security market and covers all the solutions below:
  • Security Information And Event Management (SIEM)
  • Log Management
  • Identity and Access Management (IAM)
  • Security and Vulnerability Management (SVM)
  • Risk Management
  • Incident Forensics

That's already quite a bit of annual $$ right there per solution.  Then the service breakdown below is also considered. 
  • Managed Services
    • Advance Threat Monitoring
    • Security Intelligence Feeds
  • Professional Services
    • Consulting Services
    • Training and Support

Considering the projection covers SMBs and Large Enterprises, all the major verticals and the North America, European, Asia-Pacific, Middle East & Africa, and Latin America markets, I actually wonder if the $$ assessment won't be found wanting by that time.

I understand your intitial doubt, but I work for a company that just spent about $25M on technology over the last couple years, not including budget for Security to secure that tech.  That's one major company in one major vertical in Tech.

I think the numbers are starting to look pretty solid with the scope in mind, and knowing the threat activity that is out there now and what we've seen in the past. 
cemal.dikmen
50%
50%
cemal.dikmen,
User Rank: Author
1/15/2017 | 8:11:20 AM
Question
lack of suitable technologies (525%). Did you mean 52%???
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19037
PUBLISHED: 2019-11-21
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
CVE-2019-19036
PUBLISHED: 2019-11-21
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVE-2019-19039
PUBLISHED: 2019-11-21
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program.
CVE-2019-6852
PUBLISHED: 2019-11-20
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har...
CVE-2019-6853
PUBLISHED: 2019-11-20
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.