Businesses have to step up their cybersecurity game if they want to fend off the bad guys. New attacks emerge every day. Cyberhygiene practices like patching, keeping antivirus definitions up to date, and running daily backups are still crucial for preventing issues. However, they may no longer be enough for every client. Vulnerabilities get exploited before patches are available. Viruses come online before their signatures are discovered. Fileless attacks slip past AV solutions.
To combat this, many have turned to threat intelligence services to help them have a more “real-time” view into the cyberthreat landscape. However, there are some challenges in the threat intelligence market.
There are a ton of threat intelligence feeds on the market today. Some use only publicly available data, while some use private data. Some are targeted at specific regions. Others focus on specific industries like government or commerce.
The options are overwhelming. You need to think strategically about which feeds you need to cover your clients. If you have clients in multiple industries, this could get overwhelming (and costly). To top it off, with threat intelligence services being relatively new in the marketplace, you must have the cybersecurity knowledge to judge the feed’s quality before you even make a purchase. You often don’t know how useful it will be until you buy it.
Beyond that, the feeds can be overwhelming and hard to operationalize. According to a study from Ponemon Institute, only 41% of respondents claimed that their organizations were effective in operationalizing their threat intelligence feeds.[1] The same report claims that one major roadblock is that “threat intelligence data continues to be too voluminous and complex to be actionable.”[2]
Truthfully, the value of threat intelligence sits within the greater context of your overall security program. It’s only one tool within a larger arsenal—and if that tool is hard to use or too complicated, it defeats the purpose and won’t enhance the value of your other cyberdefenses.
Instead, look to services and platforms that help you place this threat intelligence within the broader context of your full security strategy. For example, try to choose a threat detection and monitoring platform that leverages multiple intelligence feeds to help detect threats and sound alarms. The threat monitoring solution can automate much of the process and help place your threat intelligence into context alongside other data like logs. You can then use this information to detect threats and, hopefully, remediate them as soon as possible.
In short, threat intelligence feeds are rarely useful on their own. They need to be placed within their proper context. This often requires a full platform that can not only simplify the data enough to separate the signal from the noise, but also help you turn that information into actionable steps.
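The correlation step described above, as an added Python example (not code from SolarWinds or any vendor's platform): it merges several feeds, matches them against log destinations, and ranks hits by how many feeds corroborate the indicator. The feed names, indicators, and `key=value` log format are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample feeds: name -> indicators (documentation-range IPs, example domains).
FEEDS = {
    "feed_public":   {"203.0.113.7", "bad.example.net", "198.51.100.20"},
    "feed_industry": {"203.0.113.7", "198.51.100.99"},
    "feed_regional": {"203.0.113.7", "bad.example.net"},
}

# Constructed proxy/firewall log lines (hypothetical key=value format).
LOGS = [
    "2024-05-01T10:00:01Z host=ws-01 dst=203.0.113.7 action=allow",
    "2024-05-01T10:00:05Z host=ws-02 dst=192.0.2.10 action=allow",
    "2024-05-01T10:01:12Z host=ws-01 dst=bad.example.net action=allow",
    "2024-05-01T10:02:30Z host=ws-03 dst=203.0.113.7 action=deny",
    "2024-05-01T10:03:00Z host=ws-02 dst=198.51.100.20 action=allow",
    "malformed line without fields",
]

FIELD = re.compile(r"(\w+)=(\S+)")

def build_index(feeds):
    """Merge feeds into indicator -> set of feed names that list it."""
    index = defaultdict(set)
    for name, indicators in feeds.items():
        for ioc in indicators:
            index[ioc.lower()].add(name)
    return index

def correlate(logs, index, min_feeds=1):
    """Match log destinations against the merged index and rank the hits."""
    hits = {}
    for line in logs:
        fields = dict(FIELD.findall(line))
        dst = fields.get("dst", "").lower()
        if dst not in index or len(index[dst]) < min_feeds:
            continue  # no intelligence match, or too weakly corroborated
        hit = hits.setdefault(dst, {"indicator": dst, "feeds": sorted(index[dst]),
                                    "hosts": set(), "allowed": 0})
        hit["hosts"].add(fields.get("host", "unknown"))
        hit["allowed"] += fields.get("action") == "allow"
    # Rank: more corroborating feeds first, then more allowed connections.
    return sorted(hits.values(),
                  key=lambda h: (-len(h["feeds"]), -h["allowed"], h["indicator"]))

if __name__ == "__main__":
    for alert in correlate(LOGS, build_index(FEEDS), min_feeds=2):
        print(alert["indicator"], alert["feeds"], sorted(alert["hosts"]), alert["allowed"])
```

Raising `min_feeds` is the signal-versus-noise control here: an indicator listed by only one feed is dropped, while one corroborated by several feeds and seen on multiple hosts rises to the top.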
As mentioned earlier, one of the best ways to operationalize threat intelligence is to choose a threat detection and monitoring platform that uses multiple intelligence feeds alongside log correlation to bubble up the most important information. However, these platforms can often be beyond the scope of many managed services providers. In this case, it may make sense to partner with a specialized managed security services provider (MSSP) firm that can handle a lot of the back end for you while you still own the relationship with your clients. In this arrangement, the MSSP can use their own expertise to help ensure that you get the right intelligence and only deal with the true security concerns—and avoid wasting time on false alarms. This business arrangement can be extremely beneficial to both parties, and to the customers you both serve.
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.