Intelligent CISO Issue 77 | Page 33

PREDICTIVE intelligence

The future of threat intelligence is here and it's automated

Terrence Driscoll, Chief Information Security Officer at Cyware, discusses how Threat Intelligence Platforms are helping security teams eliminate the need for manual data assimilation.

The arms race between the cybersecurity industry and threat actors continues at an unrelenting pace. As a result, the role played by threat intelligence has become increasingly important, which explains why it now takes centre stage in the security strategies of organisations the world over.

In practical terms, threat intelligence involves the proactive collection, analysis and dissemination of information about potential cyberthreats. It provides organisations with the foresight needed to improve their defences by leveraging evidence-based information or knowledge of an existing or emerging threat's capabilities, techniques, infrastructure, motives, goals and resources.
This approach has grown in importance because keeping a network and data secure is becoming increasingly difficult as the tactics, techniques, and procedures (TTPs) used by cyberthreat actors continue to become more sophisticated.
The problem is that legacy approaches to threat intelligence often fall short in the face of increasingly dynamic and sophisticated cyberattacks. One of the biggest challenges facing those reliant on manual threat intelligence processes is the sheer volume of alerts and sifting critical intelligence from superfluous or irrelevant noise.
Bridging the capability gap
To bridge this capability gap, organisations are increasingly turning to automated threat intelligence solutions to transform the way they identify, analyse and respond to cyberthreats. By raising the bar for sophistication and speed, Threat Intelligence Platforms (TIPs) are helping security teams eliminate the need for manual data assimilation – a task which currently requires significant time and resources, and consequently, can be extremely inefficient.
Adding automation to the threat intelligence mix not only allows users to understand their security risks with more clarity but also contributes to an ecosystem where information is shared with internal and external groups more quickly. This has an important knock-on effect across the cybersecurity community, where teams often need to react to emerging threats extremely quickly.
Digging a bit deeper into the legacy processes automation helps to improve, security teams will typically aggregate threat intel data from a vast number of sources and do so using various disparate and incompatible formats. This can include everything from internal logs and open-source feeds to rapidly changing threat intelligence feeds – in huge volumes. The problem here is that properly correlating this information so it can help prevent breaches is extremely labour-intensive work. At the same time, the sheer volume of data involved can result in mistakes being made, especially when analysis has to be completed under intense time pressure.
Terrence Driscoll, Chief Information Security Officer at Cyware