Actionable Threat Intelligence

The “commercialization” of cyber crime has created a thriving illicit industry. Attacks, increasingly sophisticated and innovative, often bypass detection by even the most cutting-edge cyber security defense programs.

A proactive defense posture, based on pertinent threat intelligence, is required. Value derived from threat intelligence programs, however, largely depends on how well it is integrated into the organization. The truth is that the vast majority of commercial organizations that establish a cyber threat intelligence capability are rarely able to truly impact decision making and operations.

It is crucial to understand that cyber threat intelligence programs are not all created equal. The sole purpose of an intelligence capability is to inform decision makers and drive operations, resulting in more effective execution in any domain, cyber or kinetic. Existing intelligence capabilities are generally ad-hoc, stove-piped, and often produce little more than situational awareness reporting from sources such as news outlets and vulnerability reports. These types of intelligence reports, by and large, are not actionable and do not materially help an organization’s fight against cyber threats.