Value Proposition for Threat Intelligence

Threat intelligence is all the rage right now, and I’m personally thrilled about that. In this article, I want to take a step back and write about the threat intelligence value proposition and how it can benefit your cybersecurity program.

It’s discussed at many companies, and there is an abundance of products, services, and vendors available. Unfortunately, it’s a little bit too easy to jump the gun and rush out to get the latest, shiniest piece of tech and consider the case closed. Of course, if it were that easy, cybercrime would have become a thing of the past, but alas, that hasn’t happened.

Specifically, I will be discussing the following:

  1. Value Propositions of Threat Intelligence
  2. … No, that’s it.

Let’s go!

Value Proposition for Threat Intelligence

There are many definitions and descriptions for threat intelligence, but none of them (in my humble opinion) get down to business and explain why you should use threat intelligence. This definition from Gartner dates back to 2013 and still holds reasonably well. Still, while it may be academically correct and good, it doesn’t quite usher us toward a better understanding of why threat intelligence is necessary. If anything, it raises more questions.

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

Gartner, 2013

I would go so far as to say that this is more of a feature description of threat intelligence than a value proposition. It’s funny how often we forget the basics, lost amongst attractive features and bells and whistles. Take a step back, just for a few seconds, and tell me what you think the purpose of threat intelligence is. Why should you even bother?

Humor me and allow me to take a stab at providing a high-level version of capturing the essence, the value proposition of threat intelligence.

Threat intelligence should enhance existing and future cybersecurity investments by enabling you to spend less (money, time, attention) and feel confident in so doing.

Christoffer Strömblad – Truesec
dimly lit close up of laptop with user typing on keyboard, green text on black background on computer screen

Cybersecurity is all about prioritizing how you should spend scarce resources to defend yourself from cyber threats. Threat intelligence is a force multiplier, a catalyst, an enhancer. It’s not something you use on its own. Its very essence is to either make something you already do better or more efficient or move you toward something you ought to be doing.

All while making you more confident in why you’ve made which decisions. It’s keeping you accountable, but it should also allow you to feel a sense of control and no longer feel like a puppet of chance.

Threat intelligence should enable you to defend better against cyber attacks, it’s that simple.

Taking a Step Toward Confident Cybersecurity

Hopefully, this brief tour of the value proposition for threat intelligence has given you an appetite for more. What’s next?

Next, you need to understand your threat intelligence opportunities and places where you could begin to leverage threat intelligence to enhance your cybersecurity program. That begins with getting comfortable with basic intelligence and situational awareness. It includes understanding what security controls are already implemented (and can be augmented with threat intelligence) and basic attack data.

See you on the other side!