Effective enterprise security has always required a blending of tools, and advances in the threat landscape are changing the careful balance that many have maintained. Protection and mitigation elements continue to be important, but the rate at which new threats appear now requires a much greater reliance on threat intelligence and tightly integrated solutions to provide insight into protection priorities and more efficient incident response.
Selecting, managing and integrating intelligence feeds can be complex and is fraught with hazards for those that are new to this arena. Gaining visibility into DNS indicators of compromise with actionable network context and responding to these events using existing security tools is difficult without integrated network and security tools.
This paper digs into the opportunities and challenges that exist for infosec practitioners.