#infosec15: Focus on People Not Tech for Best Threat Intelligence

Effective security controls, network-level visibility and talent are vital underpinnings to good threat intelligence, but IT teams need intellectual rigor rather than whizz-bang tools to get the best results, according to a panel of experts.

CISOs and industry analysts took to the stage at Infosecurity Europe 2015 today to discuss strategies for how actionable intelligence can provide robust cyber defense.

Wendy Nather, research director for 451 Research, and FCC Group CISO Gianluca D’Antonio argued that despite its image as a high tech discipline, good threat intelligence ultimately requires human input to interpret and analyse data in a meaningful way.

“People talk about the technology but analysis needs the human brain to understand the potential impact [of threats],” said D’Antonio.

Threat intelligence vendors often bandy about the idea of “context”, but frequently use it to refer merely to adding in “extra details” which on their own might not provide the right kind of insight, explained Nather.

The actual context, such as new partners or supply chain third parties the firm might be interacting with, must be added by humans to gain value. This is where input from the business side of the organization can be invaluable, argued D’Antonio.

Marc Lueck, director of global threat management for Pearson, argued that threat intelligence is a great opportunity for IT to expand beyond bits and bytes and into new areas like data analytics, which can be invaluable additional skills to have on board.

Using intelligence to disprove threats the business might be worried about, but which will have little impact, is just as important as using it to highlight threats, he added.

The recipe for good threat intelligence should include timeliness, relevance and specificity, according to Nather. But it’s also important to focus outwards, added Noble Group CISO, Burim Bivolaku.

“We need to have software controls and network monitoring in place,” he explained. “But we also need intelligence providers to look at the environment outside our infrastructure because that will help augment the team looking inside.”
