Threat Intelligence in a Big Data World

Threat intelligence is an important piece of any organization’s cybersecurity program, whatever its size. But effective threat intelligence often fails because threat analysis teams aren’t aligning themselves with the business: they may be looking at the big picture of threats rather than at the threats specific to their industry vertical. In the age of big data and data privacy regulations, this could leave an organization open to a damaging data breach.

No Business Is Too Small for Threat Intelligence

During an online roundtable, “Threat Intel in the Real World,” five security experts—Rick Holland, chief information security officer and vice president of strategy at Digital Shadows; Chris Camacho, chief strategy officer at Flashpoint; Allan Liska, threat intelligence analyst at Recorded Future; John Grim, head of research, development and innovation of Verizon Threat Research Advisory Center; and Kurtis Minder, co-founder and chief executive officer of GroupSense—offered guidance on how threat intelligence is evolving and what organizations need to be thinking about to improve their efforts.

SMBs think they are too small for threat intelligence because they don’t have a security team on board, the experts noted. Yet, “Every organization has intel they should be leveraging, just based on what they’re seeing operationally, on their own,” said Minder.

However, recognizing the risk is one thing; deciphering the intel data is more difficult, and it may require an SMB to partner with a third party that offers a managed approach to threat intelligence.

How to Recognize What Data Is Most Useful

To protect your data with a threat intelligence program, the experts said, you need to know what data you have and then evaluate what is most useful for your organization. But there is just so much data coming from so many devices that it becomes overwhelming.

There are three steps you can take to get a better understanding of the data flowing through your company and determine what is most useful to you. The first step is to use a SIEM tool to access the logs and assess the data flowing through the company, separating legitimate data from noise. The next step is asset inventory, something many companies fail to do, yet it is the most basic move for seeing what is on the network. Third, become familiar with the security and threat solutions your organization is already using; even an existing endpoint security solution can be made more effective through configuration adjustments. Together, these steps let you take a deep dive into the legitimate, useful data you are generating and discover where your biggest threats are coming from.

How Do You Validate Intelligence in Data?

A lot of intellectual property revolves around the concept of taking raw data and turning it into useful information. Validating the intelligence gathered from your big data is similar. Theoretically, most of the data collected within your organization is in some way connected to business use cases. You need to find the data that’s real by taking the structured components of the data and enriching them: an IP address or a domain name, for instance. Then, once you have that data, you can prioritize it for your business use case. When you make data actionable, you are adding intelligence. When you add intelligence, you can begin to act on potential threats.
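As an added illustration of the enrich-and-prioritize step just described (and of the asset-inventory step from the previous section), not code from the roundtable or the article: this Python script takes constructed proxy log lines, extracts the IP and domain components, enriches them against a constructed asset inventory and a constructed list of vetted indicators, and ranks the results by business criticality. The log format, inventory entries and indicator values are all assumptions made for the example.

```python
import re

# Constructed sample proxy log lines (not from the article); the key=value format is assumed.
SAMPLE_LOGS = """\
2024-03-01T10:00:00Z proxy src=10.0.1.5 dst=203.0.113.10 host=updates.example.net
2024-03-01T10:00:05Z proxy src=10.0.1.5 dst=198.51.100.7 host=bad-example.test
2024-03-01T10:00:09Z proxy src=10.0.2.9 dst=198.51.100.7 host=bad-example.test
2024-03-01T10:00:12Z proxy src=10.0.3.3 dst=203.0.113.10 host=updates.example.net
""".splitlines()

# Constructed asset inventory: internal IP -> (asset name, business criticality 1-3).
ASSET_INVENTORY = {"10.0.1.5": ("finance-db", 3), "10.0.2.9": ("dev-vm", 1)}

# Constructed enrichment source: external indicators the team has already vetted.
KNOWN_BAD = {"198.51.100.7": "constructed C2 address",
             "bad-example.test": "constructed phishing domain"}

LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S+)")


def parse_events(lines):
    """Pull the structured components (source IP, destination IP, domain) out of raw lines."""
    return [m.groupdict() for m in map(LOG_RE.search, lines) if m]


def enrich(event, inventory=ASSET_INVENTORY, bad=KNOWN_BAD):
    """Attach asset context from the inventory and any matching vetted indicators."""
    name, crit = inventory.get(event["src"], ("unknown-asset", 0))
    hits = [bad[x] for x in (event["dst"], event["host"]) if x in bad]
    return {**event, "asset": name, "criticality": crit, "intel": hits}


def prioritize(lines):
    """Rank events by business criticality times indicator hits; report inventory gaps."""
    ranked, gaps = [], set()
    for ev in (enrich(e) for e in parse_events(lines)):
        if ev["criticality"] == 0:
            gaps.add(ev["src"])  # seen on the wire but never catalogued
        score = max(ev["criticality"], 1) * len(ev["intel"])
        if score:  # events with no intel hits are noise for this use case
            ranked.append((score, ev["asset"], ev["src"], ev["dst"], ev["host"]))
    ranked.sort(reverse=True)
    return ranked, sorted(gaps)


if __name__ == "__main__":
    top, missing = prioritize(SAMPLE_LOGS)
    for row in top:
        print("score=%d asset=%s src=%s dst=%s host=%s" % row)
    print("inventory gaps:", missing)
```

The hosts that appear in the logs but not in the inventory are reported as gaps because, as the roundtable noted, an incomplete asset inventory is itself a finding worth acting on.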

It’s important to understand your data collection sources, even though most businesses don’t have a collection manager, Holland said. Still, you need to know which sources of data provide better value.

“We couldn’t even do small data right back in the day, and now we have big data, and we’re really struggling,” he added. Triaging and prioritizing your sources for collection helps you focus on the data; otherwise, you’ll be overwhelmed.

Threat intelligence for big data can be boiled down to three issues: Know your assets, secure your configurations and have good access control. These three areas will go a long way in protecting your data resources from outside actors.

Sue Poremba

Sue Poremba is a freelance writer based in central Pennsylvania. She has been writing about cybersecurity and technology trends since 2008.