Actionable threat intelligence needs machine learning, staff
Examples of the collection and analysis of information to make strategic decisions date as far back as the Bible and Homer's The Iliad -- from Moses sending spies to gather intel on the agricultural offerings of Jazer to Dolon volunteering to spy on how well the Greeks were guarding their ships.
Readers may wonder how spying in the Bible and The Iliad relates to modern-day cybersecurity. Sure, things have changed over the millennia, but the importance of the insights gleaned has not. Whether it's mapping out an enterprise network or analyzing how well security tools guard devices and systems, intelligence gathering is a thriving -- and crucial -- component of today's infosec programs.
Fortunately for security teams, the means to conduct intel gathering have evolved. Unlike Moses and Dolon, cybersecurity analysts and admins have technology on their side. This is good news, as the sheer volume and velocity of cyberthreats outpace humans' ability to counter them. Actionable threat intelligence increasingly relies on automation to detect threats quickly and even avert them before the systems' human counterparts know an event occurred.
Yet modern cyberthreat intelligence systems aren't set-it-and-forget-it technology. Without the proper data fed into them, the algorithms' output can be rendered useless. And without complementary analysts and admins, even the most advanced systems are subject to threats. In addition, threat hunting tactics must accompany threat intelligence when environments such as the cloud are involved.
Security teams must stay up to speed on modern cyberthreat intelligence techniques to ensure their systems remain protected. In this guide, Andrew Froehlich outlines the common sources of cyberthreat intelligence and offers pointers to help organizations choose the best feeds for their enterprise needs. Then, Karen Scarfone discusses the emergence of machine learning in threat intelligence and provides advice on how to balance false positive and false negative security alerts. Finally, Sherri Davidoff details the top four challenges of cloud threat hunting and tips for surmounting them. Advice in this handbook will help enterprises protect data and reap the benefits of actionable threat intelligence and threat hunting.