Leveraging Managed Services to Optimize Your Threat Intelligence Program During an Economic Downturn

With financial pressure falling on business leaders, cutting costs can be necessary for survival. Being understaffed and ignoring critical business operations is not an option, particularly with security and intelligence. With security and intelligence investments tied up in expensive technology and resources, leaders know they must evaluate alternatives to advance operations and mitigate risk. However, the “firehose of noise” delivered by intelligence products obscures intelligence’s value and overwhelms security teams with meaningless alerts. It’s time for security leaders to consider managed services for their threat intelligence needs.

Managed services have a history of well-executed delivery while providing cost savings and flexibility. Unsurprisingly, managed services adoption grew roughly 60% faster from 2008-2010 than in years prior. During these periods of economic challenges, particularly for regulated industries, managed services enabled security teams to harden their defenses despite financial constraints. Managed service providers (MSPs) filled a critical need by providing technology, IT expertise, and resources as a service. Not only did businesses upgrade expertise, technology and tools, but they reduced upfront costs and capital expenditures (CAPEX) in exchange for committing to a sustainable contract with their MSP.

Threat intelligence is sometimes considered easier to cut than other aspects of cybersecurity. “Outside the firewall” collection gaps, lack of defined organization-specific requirements, insufficient client-specific intelligence and difficulty in procuring talent internally make the nature of intelligence work challenging. Further, the “firehose of data noise” often leads to alerts that overwhelm stakeholders such as a SOC.

However, geopolitical conflict and economic turbulence are interconnected, particularly in physical and cyber intelligence domains. Consider the array of cyber, physical and executive intelligence concerns a company must address in a given week:

  1. Digital Threats to the Company: Vulnerabilities discovered every week
  2. Social Media and Tech Forums: Negative commentary discussing ways to bypass controls
  3. Hacking Forums and Dark Web Marketplaces: Leaked credentials and account takeovers happen every day
  4. Threats to Executives: Hate language against C-Suite
  5. Insider Threats and Complaints: Users claiming inside access for sale
  6. Subsidiaries: Above threats toward subsidiaries owned by the company
  7. Threats to Employees: Threats to employees via social media and closed forums
  8. Foreign Influence Campaigns: Company assets in foreign countries are exposed to China’s control, and intellectual property theft exposes company assets in foreign countries
  9. Threats to Wider Industry: Relevant attacks against competitors

For security teams to have coverage of many of these threats across intelligence domains, threat intelligence as a managed service should be considered. After all, threat intelligence is a critical element of any serious security strategy, but few security teams have the expertise or resources to tackle all the threats they face.

Managed intelligence providers fill a crucial gap by combining people, process and technology to deliver threat intelligence as a service, allowing organizations to offload resource-intensive tasks to an experienced provider, including:

  1. Generation of intelligence specific to your organization
  2. Delivery of analyst-led intelligence with access to analysts
  3. Utilization of multi-source collection and analysis capabilities
  4. Access to multilingual data sources and analysis
  5. Discovery and understanding of the adversarial mindset (motivations and intended outcomes)
  6. Attribution and unmasking of adversaries
  7. Providing intelligence advice and threat actor engagement guidance
  8. Understanding all disruption outcomes enterprises can leverage across all stakeholders (legal, HR, engineering, etc.)

Unfortunately, cyber threat “intelligence” (CTI) vendors have hijacked the meaning of threat intelligence, creating confusion about its real value. While the CTI market exceeds $10 billion, it generally consists of data feeds using the broadest data lakes and AI and ML to detect known threats. While it makes sense to buy a feed to address one specific pain point, often customers want more return on their investment specific to a wider array of risks.

To properly defend and proactively mitigate risks, you need a team that understands and stays current with the intelligence lifecycle and domain expertise that addresses the organization’s risk. From cyber, to fraud, to trust and safety, to physical protection for key people, places and assets, you must find a way to detect and respond to threats in a scalable model that joins an organization’s intelligence workflows to deliver outcomes.

Written By

Landon Winkelvoss is Co-founder and VP of Security Strategy at Nisos.
