Fallacies in Threat Intelligence Lead to Fault Lines in Organizational Security Postures
- Published: Sunday, 13 November 2016 10:20
Treadstone 71 Training 2017
Organizations follow inaccurate definitions of threat intelligence, leading to poorly conceived cyber threat intelligence programs. Vendors communicate threat intelligence definitions that support their offerings, propagating the fallacy that threat intelligence solves numerous security problems. (updated)
Cyber Threat Intelligence functions are being built on a foundation that is not supported by standard intelligence tradecraft. Many programs support a fraction of the intelligence needs, yet stakeholders hold unrealistic expectations based upon expenditures.
Information security capabilities improve marginally as spending skyrockets, and security posture improvement is limited to after-the-fact discoveries communicated as prevention.
Continued purchases of ‘threat intelligence’ tools based on the see-detect-and-arrest paradigm ensure slow improvement and loss of data expansion. Intelligence program builds focused on technology capabilities repeat the historical problems of information security, when firewalls and anti-virus represented the core of security programs.
Access to organizations that may be more advanced presents gaps in the data available for this article. We based our evidence upon direct access to some Fortune 500 organizations, discussions during cyber intelligence training classes, and actual intelligence program build activities.