SAN FRANCISCO -- The general thinking seems to be that more data is always better in terms of threat intelligence, but iSight CEO John Watters advises enterprises that quality and context are important factors when assessing risk.
"I would encourage people to start getting a baseline understanding of what threats are relevant to their business [and] which threats generate the greatest impact and negative consequence to their business," Watters said, "so they can focus their intelligence efforts. Rather than try to get all intel on everything, they can get intel on things that really present a threat to their business."
In this interview, recorded at the 2015 RSA Conference, SearchSecurity senior reporter Michael Heller sat down with Watters to discuss how businesses can get started with using threat intelligence and how it can be used in budget requests.
"Just data alone doesn't help you. You have to have the data linked to the threat context to inform a risked-based decision," Watters said, "because at the end of the day, cyber officers are now risk officers of their business."
Watters also said that reducing dwell time can only do so much, and the next step in security should be in security teams going on the offensive and actively hunting malware.