There is no shortage of threat intelligence companies trying to sell you something. Most of what is sold, or even available for free, isn't very good.

So where do you go for some of the best threat intelligence for your organization? Shhh... it still has to be a secret. That best source is the information already residing in your own systems.

What do I mean?

Want to know where you have gaps in your incident response process? Review your previous incidents. What controls would have prevented the incident that you still don't have in place?

Want to know how to improve your controls against breaches? Walk through documented breaches with your security, engineering, and ops teams, pausing at each step in the kill chain for the breach. At each step, ask two simple questions: what controls do we have in place to detect this activity, and what controls do we have in place to block it?

If you ask the right questions about what isn't being caught, you'll not only identify missing controls but also identify functionality in your existing tools and licenses that can be enabled at little or no cost, just like my team did to crush the disruption of malicious emails. The alternative is to pay for a feed consisting primarily of hashes, IPs, and host names, most of which may already be out of date when you receive them.
Follow me on Twitter for the latest blog updates: @Opinionatedsec1