SecurityWeek

5 “Actionable Intelligence” Questions Enterprises Should Ask Before Being Breached

From ongoing threat research, to crowdsourcing information, to Big Data analytics, and the list goes on, some security solutions provide mountains of data that are getting higher all the time. And while all of this “intelligence” is important (and potentially overwhelming), enterprises need to take a step back and ask a significant question before they find themselves breached, not after: is the intelligence supplied by our security solution truly actionable?

At first glance, this question may seem redundant. After all, isn’t it a given that security solutions deliver actionable intelligence? The answer is yes and no. Yes, virtually all security solutions deliver actionable intelligence. But no, they do not all provide it to the same extent, level, quality, and degree. And the absolute worst time for an enterprise to discover a gap between what it expected and what it needs is during a cyber attack. That is like learning that the building’s sprinkler system is ineffective — or even worse, broken — during a fire.

With that being said, it is both fair and necessary to highlight that the definition of “actionable intelligence” can differ from vendor to vendor; and this difference can be surprisingly, even shockingly large. As such, it is up to enterprises to do some digging — proactively, not reactively — and ensure that the intelligence supplied by their current or prospective security solution is truly actionable, and not just an attractive marketing claim.

To that end, here are five questions that enterprises should ask about actionable intelligence now, not later:

1. Can we identify compromised assets within the corporate network, as well as beyond the corporate network (e.g., remote employees, third-party vendors, distributed sites)?

2. Are we able to use indicators of compromise for further analysis?

3. Can we easily retrieve analysis results to get additional insight into network activity?

4. Can we correlate indicators from compromised devices with other security-related events?

5. Can we integrate all of our actionable threat intelligence into our legacy security solutions so that we get the protection we need?

Simply put, enterprises should be able to answer an unqualified “yes” to each question, and not settle for anything less. Otherwise, what sounds good in theory will not translate into practice, and enterprises will find themselves scrambling to recover in the aftermath of an attack, instead of implementing a swift, accurate, and effective response based on truly actionable intelligence. The former is a risky proposition that threatens to severely and possibly permanently damage profits and reputations. The latter, however, is arguably the only way for enterprises to stay safe and keep the bad guys from getting the upper hand.
