REPORT
MAKING SENSE OF THREAT REPORTS FIVE TIPS FROM SECURITY PROS TO IMPROVE THREAT REPORT ANALYSIS AND ACTION
M
ost organisations have more threat intelligence than they know what to do with, from a variety of sources – commercial, open source, government, industry sharing groups and security vendors. Bombarded by millions of threat datapoints every day, it can seem impossible to appreciate or realise the full value of third-party data. In a recent CyberSocial webcast, industry experts David Grout, CTO EMEA for FireEye and Yann Le Borgne, Technical Director for ThreatQuotient, helped listeners tackle this challenge. Using threat reports as an example of one type of published threat information, they responded 30
CXO INSIGHT ME
MAY 2021
to real-time polling results as they provided advice on how to analyse a threat report and make it actionable. Here are five tips they shared.
1
Select the right sources of threat data for your organisation. When polled, the audience reported using a well-balanced combination of sources of threat intelligence. They are on the right track, but David explains that it is also important to identify the right sources for your organisation and collect threat reports from several different sources as they provide different levels of content – strategic, operational and tactical. Figure out the who, what and when for consumption
and use that for your metric for success when looking at acquisition. Yann adds that as open-source intelligence (OSINT) is free and easy to access, most organisations use it extensively. But organisations must also consider the trust and reliability of sources. Yann explains that in a classical hierarchy, the highest level of trust comes from the intelligence you generate and receive from your close network and peers, and OSINT information is placed at the lowest level. David recommends using trust models such as the Admiralty System or NATO System which classifies information from A to F for reliability and from 1 to 6 for credibility, particularly for new
