What is intelligence?
Before we can understand Managed Intelligence, let’s first define “intelligence.”
Intelligence delivers actionable information to drive a decision.
“Intelligence is not a data feed, nor is it something that comes from a tool. Intelligence is actionable information that answers a key knowledge gap, pain point, or requirement of an organization. This collection, classification, and exploitation of knowledge about adversaries give defenders an upper hand and forces defenders to learn and evolve with each subsequent intrusion they face.” -SANS Institute
Data is not intelligence. Data is the collection of raw facts.
Information is not intelligence. Information is the logical grouping of contextualized data.
Intelligence isn’t a product - it’s a process
“Intelligence” products, like the feeds and platforms, may contain meaningful and relevant information but only provide a raw collection of facts. As such, they are not, by themselves, truly actionable and are not finished intelligence. True intelligence is the intersection of critical data, technology processes, and human analysis that delivers timely, relevant, and actionable insight.
How can intelligence reduce my organization’s risk?
Most security teams think about intelligence in terms of Threat Intelligence. Threat intelligence is the process of developing knowledge and supporting data to help prevent or respond to a specific threat. Developing threat intelligence involves collecting, correlating, processing, analyzing, and refining information about emerging risks and threat actors’ activities to improve defenses, accelerate detection, guide response, and improve prioritization.
Security professionals have varying use cases and use different terms for threat intelligence.
Corporate Security teams aim to keep their organization’s people, locations, and property safe. To succeed they must assess, monitor and investigate threats across the physical, digital, and cyber domains.
96% of security leaders believe cyber security and physical security must be integrated or threats from both will be missed*. Why? Increasingly physical threats begin in the digital and cyber threats realm. We all see multiple examples of this daily in the news, where evidence of threats from individual threat actors or groups exists online well before the incident or attack. Examples of digital activities manifesting in real-world risks to people, locations, and assets include:
Cybersecurity teams focus on threats within the digital and cyber domains and often use threat intelligence to bolster their defenses from an incident or breach. They use the terms threat intelligence and cyber threat intelligence (CTI)interchangeably.
There are three types of threat intelligence - tactical, operational, and strategic.
Cyber security teams use threat intelligence for a wide variety of use cases and audiences.
|
Tactical |
Operational |
Strategic |
|
|
Use cases |
Threat monitoring and alerting Data leaks and exposure Ransomware attack |
Risk assessment Incident response Executive protection |
Insider threats M&A risk analysis Geopolitical and hacktivist risk |
|
Key audiences |
IT Admins & SOC Managers |
Security leaders |
Executive & board |
Given all of these threat intelligence use cases to cover on top of other responsibilities), it’s no wonder that 75% cyber security leaders admit to struggling to stay ahead of an ever-changing threat landscape, and 82% feel their organization’s approach to threat intelligence is too reactive*.
What is Managed Intelligence?
Now let’s look at managed intelligence. In the simplest terms, Managed intelligence is a managed services model for threat intelligence.
Threat intelligence is a critical element for any serious security strategy, but the reality is that few security teams have the expertise and resources to tackle all of the threats they face. A managed intelligence provider fills a crucial gap by combining people, processes, and technology to deliver threat intelligence as a service.
Why Managed Services for threat intelligence?
In short, building an intelligence program isn’t easy. Developing threat data into immediately useful intelligence takes time, skill, experience, and the right tools. And assembling and arming a security team that can cover the range of threats facing organizations today is challenging. It requires:
Many organizations who have their own intelligence teams realize they can’t do it all themselves. Even some of the largest companies on the planet with the most robust, sophisticated intelligence teams partner with a managed intelligence provider.
Threat data feeds and platforms are one part of the equation, but without the expertise to operationalize them, they fall short in addressing an organization’s unique needs and delivering specific, actionable outcomes. And raw data doesn’t provide immediately useful answers. People do.
The math works.
Depending upon your intelligence program objectives and the needs of your business, the cost of your initial team in terms of annual salaries alone $250,000 to $400,000. This doesn’t include benefits, ongoing training, and development to keep their skills current. It also doesn’t include the cost of the intelligence tools. Many organizations have turned to managed intelligence services and have enjoyed a very high ROI. For example, a Director of Threat Intelligence shared that their comprehensive Intelligence-as-a-Service purchase paid for itself in only 3 weeks!
Finished intelligence improves your organization’s security posture
Threat intelligence really needs to be finished intelligence to help improve your organization’s security posture.
*Source: Vanson Bourne 2022