Recorded Future - Why We Wrote ‘The Threat Intelligence Handbook: Second Edition’

Today, cyber threats are coming from everywhere — the open web and dark web, but also partners and other third parties, brand attacks, and internal threats — and digital business risk is at an all-time high. This leaves everyone without a true, comprehensive view of their entire threat landscape vulnerable. Recorded Future’s goal is to provide that comprehensive view to help you reduce your risk.

That’s where security intelligence comes in.

The Recorded Future® Platform is the main way we give you access to the intelligence you need, but using it effectively first requires an understanding of how to get the most out of intelligence in general. To help develop that understanding, we wrote a book last year — The Threat Intelligence Handbook. It was a first step toward putting everything we knew at the time about threat intelligence into one place.

But things change quickly in the cybersecurity world, and we knew we could provide an even better foundation. That’s why this year, we updated the handbook with a second edition that expands our definition of a comprehensive security strategy beyond just threat intelligence into what we call security intelligence: an approach that includes brand protection and third-party risk management as two additional, essential pillars of cybersecurity alongside threat intelligence.

Before we get into the details of the new edition, it’s worth briefly discussing the question of how to get the most out of your intelligence. A word that comes up a lot in this context is “actionability,” as in, “Is this threat intelligence actionable?” This is a great example of business jargon that gets thrown around a lot without much care for what it actually means. Actionability can be a vague word, but the underlying concepts are essential.

Actionability Defined

We have used the word actionable and its derivatives many times throughout our publications — it’s an easy shorthand. But just as we’re moving toward a new paradigm of security through our concept of security intelligence, it’s also important that we provide a clearer, more illuminating explanation of what actionability actually entails.

In short, actionability refers to being able to cause a change that will have an operational outcome which can be measured and communicated. For something to be actionable, it must have certain criteria that can be meaningfully measured in consistent, unambiguous units — and whoever is measuring and reporting on that item must understand their audience well enough to effectively communicate that change. It can be further defined as:

  • Taking an action that we expect to cause a change in our systems, processes, or workflows
  • Measuring that change in certain, concrete ways (for example, a change in risk levels, an increase in productivity, or a reduction in spending)
  • Knowing how to communicate that change in a language that our audience (for example, the rest of our team, our manager, or our organization’s board of directors) can understand through deliverables that contribute to a consistent cycle of action, reflection, and improvement

What often happens instead, in our experience talking about threat intelligence with our partners and clients, is that people will often say, “I need intelligence that’s actionable.” What that means to them is completely up to the interpretation and discretion of whoever else is in the room.

For example, deliverables for many organizations are things like daily or monthly reports that might get read by a few SOC analysts or executives — but what happens after that? In a troublingly high number of cases, the answer is that nothing happens after that.

Through no fault of their own, cybersecurity professionals of all kinds just have so much work to do and get so ingrained in their workflows, that oftentimes nobody stops and asks why these reports are getting produced. A big reason why is that they simply lack a framework of action — they don’t even know where to begin. Providing that framework, all in one place, is one of the primary objectives of the Threat Intelligence Handbook.

What You’ll Find in the Second Edition

In this second edition of the book, you’ll find a completely new introductory chapter on threat intelligence that breaks down what threat intelligence is and how every security function benefits from it, as well as two entirely new chapters — one on third-party risk reduction, and one on brand protection. Together, these three principles of the security intelligence philosophy provide the comprehensive view of your internal and external threat landscape, which every organization needs today to reduce cyber risk and stay ahead of threats of all kinds. This information comes alongside an updated introduction and foreword, a new conclusion chapter, and additional images, diagrams, and case studies.

As in the first edition, this book still deftly explains how security intelligence helps teams working in security operations, incident response, vulnerability management, risk analysis, threat analysis, fraud prevention, and security leadership make better, faster decisions and amplify their impact.

Security intelligence is a framework for amplifying the effectiveness of security teams and tools by exposing unknown threats, informing better decisions, and driving a common understanding to ultimately accelerate risk reduction across the organization. We’re thrilled to offer this second edition of the handbook as continued proof that Recorded Future is the number one resource to turn to for all things intelligence.

Get your complimentary copy of “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program” today.

The post Why We Wrote ‘The Threat Intelligence Handbook: Second Edition’ appeared first on Recorded Future.



from Recorded Future https://www.recordedfuture.com/threat-intelligence-handbook-second-edition/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more