"Threat Intelligence?" – Let the Buyer Beware

A new buzzword phrase is circulating in the cybersecurity world. And it is being put in heavy rotation by vendors who want to sell you something – whether or not it will actually help you protect your business data.

The new hot ticket is threat intelligence. Often you will see it in abbreviated all-caps, military-acronym style: THREATINTEL. Put that way it looks really scary and critical. Something you probably want Navy SEALs to handle. Or at least a spiffy new THREATINTEL solution that will light up your dashboard with glowing red warnings, as if World War III were at hand.

Yes, there really is such a thing as threat intelligence. And it can be a very good thing to have. But as security analyst Scott Terban points out at Infosec Island, "threat intelligence" has also become the latest flavor in enterprise scare-ware. Think and study before you buy.

Terban lists a number of components of threat intelligence that would be relevant to businesses seeking to protect themselves. What stands out on that list is that only the final item – information provided by IDS/IPS (intrusion detection/prevention systems) and a Security Operations Center (SOC) – is the sort of "threat intelligence" being offered by tech vendors.

The rest of the list includes some technical factors that you, or your IT people, should be up to speed on. But most of the list is about (human) security awareness:

Do you know who "hacktivists" are, and why they might matter? Do you know – in broad outline – what Stuxnet and Flame are, and who they targeted? What is the state of employee morale in your organization? Do you have a policy on applying security patches? Is it being followed?

If you can answer those questions, the answers will provide more threat intelligence than any vendor solution on the market. Security does not come from blindly buying expensive tools. It begins with understanding what the tools are meant to do.

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."