The threat intelligence industry will consolidate significantly over the next couple of years, with increasing numbers of organizations adopting newer, human-oriented and enriched toolsets as they become more powerful, according to industry experts.
Speaking at Infosecurity Europe 2015 in London this morning, Digital Shadows CTO James Chappell, claimed that threat intelligence has actually been around for many years.
Using data from CERTS, WARPS, AV databases and even CVEs could technically be lumped under the term, he argued.
However, a new breed of platforms has emerged over the past year or two, tapping several key industry trends.
First, these tools are making use of low cost, cloud infrastructure “to do stuff at a scale and complexity never seen before.”
Second, there’s better integration of security controls so organizations can gain greater visibility into what’s going on in their networks.
IT teams are also much more comfortable consuming security-as-a-service today, he added.
Chappell highlighted in particular rich analytic tools like Paterva’s Maltego; the emergence of powerful products based on open source intelligence (OSINT) tools; and information sharing through bodies like US-based Information Sharing and Analysis Centers (ISACs).
A great start for those keen to tap the wealth of threat intelligence capability out there is by using free tools like ShadowServer and those provided by the likes of AlienVault – “to learn about what’s going on outside your boundary.”
IT teams can also improve their security posture by talking to NOCs and CERTs to gather and consolidate information, as well as tapping marketing teams to find out how their firm is being discussed online.
Finally, Chappell recommended frank discussions with industry peers, pleading with attendees that they be more willing to participate in information sharing frameworks and initiatives.
“The threats against our business collaborate against us …they’re doing really well at attacking our businesses,” he argued. “If we’re going to be successful at all we have to become more successful at sharing.”