Threat Intelligence is Simpler Than You Think

Ask 10 people to define Cyber Threat Intelligence and you’ll get 10 different answers. Some will say it's all about tracking threat actors, others will tell you it’s helping to prioritize vulnerability patching. Most will argue that Threat Intelligence is about collecting and managing Indicators of Compromise (IOCs).

None of these definitions are wrong, they are just not exhaustive or complete. Threat Intelligence can be any of these things, or even all of them at the same time. But of course, a true answer includes a whole lot more. Really, for every organization the answer will be unique. Threat intelligence depends entirely on the information requirements of your security organization. 

Let’s draw a parallel with a marketing team. If you’re responsible for the marketing of a luxury watch brand, for example, you’re not going to buy ad space in a children’s magazine, because children don’t buy your luxury watches. That would be a complete waste of your limited marketing budget. Instead, the wise marketer will rely on market research. What can you know about your audience, their behaviors, their competitors. Answering these questions lets you be effective and efficient with your marketing budget. And your CFO would argue it would be professional negligence if you didn’t rely on high-quality market research to make such consequential decisions. 

What market research is for a marketing team, that’s what Cyber Threat Intelligence is for Security and Risk Functions. It is nothing more than the information they need, in a format that they can use, to be as effective and efficient as possible with their security budget. For monitoring and detection teams, this might mean high-fidelity Indicators of Compromise of threats that matter to your organization. For a Vulnerability Management Team, it might mean a prioritized list of vulnerabilities exploited in the wild. For a Red Team, it might mean a clear description of the Tools, Tactics and Procedures (TTP’s) of the Top 3 Threat Actors your organization is tracking. And for a CISO, it often means early warnings and contextualization of relevant breaking cyber news, as well as strategic insights into the threats to the organization to help set the direction for the security function as a whole.

Cyber Threat Intelligence means different things to different people, and that’s fine. Ultimately, it’s not important what other people think Threat Intelligence is. It is whatever you need it to be to help your security teams be even better at their jobs, because you’re giving them the information they need to do so. 

And that’s where Liberty91 comes in. As every CISO knows, in an emergency, every second counts. Real-time threat intelligence based on your actual needs is invaluable for safeguarding operations. When protection against new and existing threats means everything, you know the value of staying informed and activating decisively. It all comes down to information. To data. And that’s what we deliver, in real time, directly to your pocket, whenever and wherever you need it.