Which is Better? Threat Intelligence or Security Analytics?
This week Richard Stern from Minnesota asks:
Q: “We are looking to determine and reduce our potential exposure but are trying to figure out whether threat intelligence or security analytics will provide us the information we need. Is there really much of a difference between them? If so, what is it, and which one will give us more bang for our buck?”
To give you a meaningful answer, Mr. Stern, I'm going to have to skew old a bit and reminisce about a Steve Martin comedy routine from the 1970s. He did a bit on how he wanted a better sound when he was playing records¹ on his old stereo system. He went milliphonic (1000 speakers), still sounded crappy. He finally went "guglaphonic -- the highest number of speakers before infinity" -- but no improvement.
He finally said “Hey, maybe it is the needle!”²
So, Mr. Stern, to determine and reduce your potential exposure, please, please first check your “security needle” before going guglaphonic with threat intelligence or security analytics or anything else.
Have you addressed basic security hygiene yet? Most successful attacks can be traced to misconfigured systems, unknown and unpatched servers, lack of configuration management, glaring vulnerabilities in web servers, etc. The Verizon Data Breach Investigations Report points this out year after year. Don’t spend a dime on anything else until you’ve at least reached this point – the Critical Security Controls effort by the Council on Cybersecurity is a good place to start.
I’d still hold off on that urge to jump into threat intelligence and security analytics until you look at some universally high-payback security controls – whitelisting on servers, a stronger web security gateway, and anti-phishing top among them.
Finally, do you have a Security Information/Event Management system in place? Is it capable of doing more than feeding the various compliance monsters by spewing out reports each month? If so, you are finally ready to think about threat intelligence and/or security analytics – you will essentially have a pretty good security needle in place and we can chat about some good speakers!
Footnote 1 – Records are those old vinyl things with a hole in the middle, played on a turntable using a stylus or needle.
Footnote 2 – Needles cost twenty-nine cents at the time.