EDITOR'S QUESTION
Threat intelligence is the backbone of a successful and comprehensive cyber strategy. It enables informed business decision-making in an ever-evolving landscape. There are already a range of critical standards and regulations that underpin its importance, including the FCA's Cyber Resilience regulations, NIS regulations, NIST 800-172, the UK Government Cyber Security Strategy and the latest addition, the UC Cyber Security Strategy.
By incorporating the latest intelligence, businesses can take a proactive approach to improving their cyber posture, which serves to guide their cybersecurity strategy and investment.
These standards emphasise the integration of threat intelligence data into risk management, budgeting and detection and response. By utilising this data to understand the specific threat actors most relevant to a business, as well as their motivations and preferred tactics, techniques and procedures, organisations can significantly enhance their ability to detect and respond to threats.
However, effectively collecting and using threat intelligence can be challenging. Poor-quality technical indicators can generate excessive noise, false positives and an inability to detect real threats, limiting the true value of threat intelligence.
To overcome these challenges, a mature and efficient threat intelligence function must be underpinned by specialist analysts who work closely with a SOC to develop a complete picture of the threat landscape. This function leverages research, a threat intelligence platform and an automated and manual collection framework.
An optimised threat intelligence function will provide an automated feed of actionable intelligence that consistently identifies and blocks indicators of attack, thereby offering a significant amount of defence comparable to other security controls. To make sense of where threats lie, businesses can take advantage of regular reports and summaries concerning specific threats, such as malware, phishing, or infected external hosts.
When integrated with SOC-related services, a well-optimised threat intelligence function can maximise detection and response capabilities in line with intelligence findings. This function can also actively inform detection and blocking activities of active malicious threats in real-time, thereby minimising false positives.
Ultimately, cyberthreat intelligence allows organisations not only to understand their current threat landscape but also to anticipate future threats. To protect against emerging dangers, the incorporation of threat intelligence into cyber strategies is imperative. By doing so, organisations can prioritise their cyberdefence and remain protected against ever-evolving cyberthreats.
CHRISTOPHER DUGGAN, HEAD OF CYBER THREAT INTELLIGENCE AT BRIDEWELL
www.intelligentcio.com INTELLIGENTCIO EUROPE