When it comes to threat intelligence, you have to walk before you run. While the term has garnered quite a significant amount of attention in recent years, many in the information security community still have a ways to go when it comes to leveraging threat intelligence efficiently.
As far as the state of threat intelligence in information security is concerned, is still a bit immature, according to Lance James, Chief Scientist at Flashpoint.
He believes that there’s a line between what threat intelligence is, and what the actual tradecraft of intelligence is, and this has played into a gap in the “perfections” of things that could be in threat intelligence.
James recently conducted a workshop at the InfoSec World Conference & Expo in Orlando, Florida that focused on giving attendees a hands-on experience at working with data science-driven threat intelligence.
Part of the workshop involved an exercise in building a prioritized intelligence requirement, which he says is a critical step that consists of analyzing processes and should be conducted before even leveraging technology. This helps security practitioners ask the right questions and take the right approach when they finally analyze data.
Unfortunately, many practitioners dive right in and being to analyze troves of data before taking the right steps in understanding what they’re looking for.
“There are missing gaps in today’s threat intelligence,” James says. “When you see where it was and where we are today, I think there’s a lot of work to be done.”
In the full interview with InfoSec Insider below, James shares his take on the state of threat intelligence today, what the correct approach is, and provides some uncommon tips on developing a successful threat intelligence program.