Security teams are overwhelmed with a massive amount of threat data. While a decade ago no one was talking about threat intelligence except government agencies, organizations are now bombarded with threat data leaving them challenged with identifying what is relevant.
Aggregating that data requires a shift in mindset and a maturing of threat intelligence in order to better mitigate risks.
Experts say that collecting data for the purposes of having data does no good and can actually detract from a security intelligence program by using up time and man power to analyze data that is most often noise rather than real indicators of threat.
If the long-term goal of enterprises is to have mature threat intelligence programs, they need to conduct an internal risk assessment and design a plan of action.
Tomer Schwartz, director of security research, Adallom Labs noted, "Threat intelligence is not looking at all the data. Threat intelligence is new, and products are changing. Understanding that just plugging in to a product is not going to help is critical. Threat intelligence is about getting as much data as we can, not just current data for a current threat."
Ignoring historical data overlooks a wealth of information that can inform a security program and enable an enterprise to defend against a wider range of incidents. Schwartz said, "In the current state of security, attackers are going to succeed. The correlation with new data and historical data is not happening enough and enterprises are afraid of collaboration."
The answer is not to throw money at a problem, but to inform themselves about the different platforms that will serve the needs of their specific environments.
Most security teams can't make valuable use of their threat data because there is just too much of it. The brain power needed to analyze at the speed at which the data is produced is humanly impossible.
"Humans can't ingest the data at a rate that is meaningful," said Anne Bonaparte, CEO, BrightPoint.
"There are a lot of new avenues for threat data to be disseminated. The challenge and opportunity is the deluge of information. It's become a classic big data problem because humans can't ingest at a rate that's meaningful."
This deluge of data often leaves security analysts floundering.
Commercial vendors, including ThreatQuotient, TruSTAR, BrightPoint, Webroot, Norse, and Adollom all agreed that threat intelligence has become a dig data problem.
Threat intelligence is only valuable if a security analyst can make use of the data, and programs that produce lengthy reports do little to move threat intelligence forward.
Trying to whittle down hundreds of millions of data points to identify the thousands that matter requires a lot of time and man power. Sam Glines, CEO of Norse, said, "If you have a 10 page comprehensive report that tells you all of your vulnerabilities, the second that report is printed, it's outdated."
Sign up for MIS Asia eNewsletters.