Threat intelligence is one of the most frequently heard buzz words in the security industry today. With vendors jumping on this bandwagon, threat intelligence tools are inundating the market, and it can be difficult for organizations to know what to buy.
Ronald Plesco, principal and national lead of the Cyber Investigations, Intelligence and Analytics practice at KPMG LLP, can help cut through the hype. He said what really matters when considering buying a threat intelligence offering is "knowing your industry. Knowing the entities that are coming after you is key when you're trying to decipher what you should buy. I think that's first and foremost."
In this interview, recorded at the 2015 RSA Conference, Plesco broke down the basics of buying threat intelligence platforms, but when it comes to how much enterprises should pay for these services, he has a sticking point. "I can't give you a dollar amount, but I can tell you that you get what you pay for." However, he did say he has worked with some companies who have spent nearly $20 million.
As for whether companies should decide to process threat intelligence information manually or use an automated approach, Plesco advocated for a combination, since both options have their own challenges.
"On the manual side, time is the issue that pushes the detection deficit … but the challenge with automated is that it isn't necessarily coming custom-configured to your environment," Plesco said. "So a balance needs to be struck between these two. Some of the better threat intelligence teams … do it manually and then automate that process."
Plesco's main advice to enterprises considering investing in threat intelligence platforms is simple: "Do your due-diligence on a couple things before you even go out. I said it initially and I'll say it again: Understand the threat space that you find yourselves in. If you don't, you could buy a lot of appliances that will end up being shelfware or just won't apply to the attack surface that you have and the threat environment that you find yourself in."