Over at Dark Reading, John Sawyer wrote an interesting article about the need for threat intelligence within organizations in today’s threat landscape. He notes that “Being able to keep up with changing technology, emerging threats, and information overload that goes with managing thousands to tens of thousands systems requires proactive efforts on the part of security pros”. Sawyer also points out that simply relying on the security products that you already have in place to protect your organization is not enough. The author makes a key point that “To adequately address the threats against their organizations, enterprise security pros need to understand exactly what they’re trying to protect — a seemingly innocent but burdensome task that requires them to know their systems and networks inside and out”.
Building on this last point, Sawyer advocates that organizations start developing processes to mine both internal and external threat intelligence. He notes that all organizations have log data that they could be mining for insight. Those that are tight on cash could write scripts to mine logs “to produce reports about failed logins, port scans, top IDS events, and more”. He further advocates the use of SIEM technology for those organizations that can afford it. The author also notes the importance of gathering external intelligence about threats, whether manually or by leveraging paid services that provide the information.
One point in particular that Sawyer highlights is as follows: “security teams are being forced into developing threat intelligence operations to react quickly and mitigate new vulnerabilities as they crop up”. We at FireMon absolutely agree, but also advocate that simply reacting quickly isn’t enough in today’s evolving threat landscape. Organizations today need to operationalize risk into their everyday security operations, and proactively identify and remediate potential risk to their networks before an attacker even has the opportunity to exploit a vulnerability. That is why we introduced our Risk Analyzer product last year, and why we are excited to incorporate that technology in our new Security Manager 6.0 release, providing the industry’s first complete security posture management solution. We invite you to see how this security posture technology can bring proactive and automated risk intelligence to your everyday security operations.