3 Waves of Threat Intelligence
Gartner's Lawson on How to Enable TI Tactically in the EnterpriseEnterprises must leverage three waves of threat intelligence services to make context-based security decisions rooted in information about the prevailing threat environment. This is the perspective from Craig Lawson, a research director at Gartner.
While threat intelligence is not a new phenomenon, Lawson says, what is new is the challenge of how enterprise security practitioners can use it tactically in their enterprises.
'Besides, they need to review their capabilities to determine how much external threat intelligence they need," Lawson says.
The three waves of threat intelligence services include:
- Point solution only and proprietary in nature as threat intelligence is available in all places, including endpoint, network, content security and monitoring; and going on in some cases on a decade;
- The second wave is where it starts getting complicated as enterprises use threat intelligence services for threat detection and response in the end point, next generation firewalls, IPS, secure email gateways, DLP and log monitoring;
- The third wave needs a smarter way to bring it all together, where the threat intelligence services are deployed end-to-end to prevent, detect and respond to new threats.
What is driving the third wave, he says, is using threat intelligence to forecast or anticipate threats using various tools and technologies, including big data analytics.
"What is important for security practitioners is to understand the maturity of their security environment and take necessary action in using threat intelligence services," stresses Lawson.
As a plan of action, "I'd recommend security leaders to review their threat intelligence usage scenario as a first step; and SIEM is a good place to start to analyse threat intelligence capabilities," Lawson says.
"Large enterprises, particularly the banking sector, are leveraging threat intelligence services in detecting vulnerabilities and in building an effective incident response mechanism," he says.
In this interview with Information Security Media Group, Lawson discusses ways to enable people and processes to drive actionable threat intelligence mechanisms. He offers insights on:
- A pragmatic approach to threat intelligence;
- Research on TI;
- When and how to use threat intelligence services.
A Gartner research director, Lawson focuses on network security, firewalls, web security, IPS, IDS, SIEM, log management, vulnerability management, advanced threats (APT), vulnerability research, network forensics and NBAD, virtualization security, managed security service providers and cloud security.