This is part 3 of our blog series, “Are your threat intelligence feeds saving you, or costing you?”. Part 1 covered gathering threat intelligence feeds and part 2 covered selecting the sources themselves. This blog will talk about how to leverage and get value from threat intelligence and threat analytics.
Analytics ensures you get the most out of your threat feeds
IDC estimates that spending on threat intelligence services will grow to more than $1.4 billion by 2018. But all that spending is useless if the data provided by the threat intelligence feeds isn’t used to tie back and block the threats specific to your company.
Turning threat intelligence feeds into actionable information requires threat analytics. This is particularly true when using multiple feeds.
Threat analytics using advanced statistical modeling can identify new threats and adapt over time. Behavioral analysis and anomaly detection can reduce the time to identify threats within a network. Although human input and insight are important, threat analytics doesn’t depend on manual rule sets but instead uses statistics and machine learning.
Analyzing threat intelligence feeds means handling large amounts of data. It requires not only the data from the feeds themselves, but also corporate data: transactional data, plus unstructured data such as email and social media. The results of the analysis can improve patch management, enable automated blocking based on feeds without impacting valid users, prioritize events for handling, and help teams communicate about events more effectively.
Doing this analysis isn’t easy. Security professionals need seven hours to review a threat. But most firms don’t have professionals with specialized training. Specialized threat analytics platforms, like those from IKANOW, help security professionals derive business intelligence from the collected threat intelligence feeds. The analytics identify risk levels and trends that are relevant to your specific corporate infrastructure. The analytics can be automated so knowledge is always up to date despite the rapidly changing threat environment.
IKANOW correlates data from multiple data feeds and social networks, plus corporate SIEM data. The output can be as specific as identifying IP addresses that have been affected by malware. Results of the analytics are presented in reports and a dashboard to allow threats to be easily communicated, discussed, prioritized, and resolved.
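The correlation and prioritization described above, as an added example that is not IKANOW's code or part of the original post: it matches constructed SIEM log lines against three constructed feeds, ranks hits by how many feeds list the indicator, and recommends automated blocking only for corroborated indicators that are not allowlisted. The feed names, log format, allowlist and blocking threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: feed names, addresses (RFC 5737 documentation
# ranges) and the log format are all assumptions made for this example.
FEEDS = {
    "open_source_feed": {"203.0.113.7", "198.51.100.20", "192.0.2.44"},
    "commercial_feed": {"203.0.113.7", "192.0.2.44"},
    "isac_feed": {"203.0.113.7"},
}
ALLOWLIST = {"192.0.2.44"}  # known business partner; never auto-block
SIEM_LINES = [
    "2016-03-01T10:00:01Z src=10.0.0.5 dst=203.0.113.7 action=allow",
    "2016-03-01T10:00:09Z src=10.0.0.5 dst=203.0.113.7 action=allow",
    "2016-03-01T10:02:30Z src=10.0.0.9 dst=198.51.100.20 action=allow",
    "2016-03-01T10:03:00Z src=10.0.0.7 dst=192.0.2.44 action=allow",
    "2016-03-01T10:04:00Z src=10.0.0.7 dst=192.0.2.200 action=allow",
    "malformed line without fields",
]
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) action=(\S+)$")

def correlate(feeds, siem_lines, allowlist, block_threshold=2):
    """Match SIEM destinations against all feeds and rank the hits."""
    sources = defaultdict(set)           # indicator -> feeds listing it
    for name, indicators in feeds.items():
        for ip in indicators:
            sources[ip].add(name)
    hits = defaultdict(int)              # (internal host, indicator) -> count
    for line in siem_lines:
        m = LINE_RE.match(line)
        if m and m.group(3) in sources:  # skip malformed lines and non-matches
            hits[(m.group(2), m.group(3))] += 1
    findings = []
    for (host, ip), count in hits.items():
        corroboration = len(sources[ip])
        # Auto-block only corroborated indicators that are not allowlisted;
        # everything else goes to an analyst so valid users are not cut off.
        auto = ip not in allowlist and corroboration >= block_threshold
        action = "block" if auto else "review"
        findings.append({"host": host, "indicator": ip, "feeds": corroboration,
                         "events": count, "action": action})
    # Highest priority: most corroborating feeds, then most events.
    findings.sort(key=lambda f: (-f["feeds"], -f["events"], f["host"]))
    return findings

if __name__ == "__main__":
    for f in correlate(FEEDS, SIEM_LINES, ALLOWLIST):
        print(f)
```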
Getting Value from Threat Intelligence Feeds
Gartner defines threat intelligence as “evidence-based knowledge…that can be used to inform decisions.”
In an InformationWeek survey, 73% said threat intelligence is a smart investment; however, only 25% of firms built their own in-house security analytics. In that same survey, 64% stated that threat intelligence decreased the time it took to discover a breach, and less than 5% said analysis doesn’t improve their risk assessments.
Using multiple threat intelligence feeds with a flexible threat analytics platform can drastically increase your security posture by decreasing your risk, improving your situational awareness, discovering breaches faster, and much more. IKANOW can help you turn threat feeds (both private & open source) into meaningful threat intelligence that you can apply to protect your company against both internal and external threats.
Want to learn more about your top vulnerabilities and how they impact your organization? How about receiving a quantitative risk measurement? Or the value of your threat intelligence feeds? Sign up to receive a free threat visibility & vulnerability assessment to learn all this and more.
This concludes our blog series, “Are your threat intelligence feeds saving you, or costing you?”. We’ve turned this series into an eBook, Enhancing Threat Feeds with Analytics, which you can download, or you can visit our Learning Library.