This includes being able to view threats from both the virtual and physical elements of your computing and applications infrastructure, as various analysts have noted. “Understanding the threat landscape is more than just looking at the threats, it involves understanding the external and internal factors that directly influence or enable the threats to materialize,” wrote Stuart Peck, who has worked for numerous security vendors.
How you manage your post-incident workflow
The better TIPs can orchestrate any number of responses and mitigations to stop the threat and remediate the problems that result from a compromised computing element. “The value of threat intelligence is directly tied to how well it is ingested, processed, prioritized, and acted upon,” wrote Cyware in its report. This means careful integration into your existing constellation of security tools so you can leverage your previous investment in SOAR, SIEM and XDR products. According to the Greynoise report, “you have to embed the TIP into your existing security ecosystem, making sure to correlate your internal data and use your vulnerability management tools to enhance your incident response and provide actionable analytics.”
The key word in that last sentence is actionable. Too often threat intel doesn’t guide any action, such as kicking off a series of patches to update outdated systems, remediation efforts to firewall a particular network segment, or taking an offending device offline.
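As an added illustration of the two points above (correlating feed data with internal logs and vulnerability-management data, and turning a match into a concrete action), here is a small correlation routine; it is example code written for this page, not from any TIP vendor, and the feed entries, asset inventory, log format and scoring rule are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Indicator:
    value: str       # IP or domain (constructed TEST-NET / .test values)
    confidence: int  # 0-100, as a feed would supply it
    action: str      # mitigation suggested by the feed

@dataclass(frozen=True)
class Finding:
    asset: str
    indicator: str
    priority: int
    action: str

# Constructed feed, asset inventory and log lines; none are real indicators.
FEED = {
    "203.0.113.7": Indicator("203.0.113.7", 90, "block_at_firewall"),
    "c2.example.test": Indicator("c2.example.test", 60, "block_dns"),
}
# Per asset: (criticality 1-3, unpatched-vuln count from vulnerability mgmt).
ASSETS = {"web-01": (3, 4), "lab-07": (1, 0), "hr-db": (3, 0)}
LOGS = [
    "2024-05-01T10:00:00Z host=web-01 dst=203.0.113.7 bytes=5120",
    "2024-05-01T10:00:05Z host=lab-07 dst=198.51.100.9 bytes=80",
    "2024-05-01T10:00:09Z host=lab-07 dst=c2.example.test bytes=300",
    "2024-05-01T10:00:12Z host=hr-db dst=c2.example.test bytes=12000",
]

def parse_log(line: str) -> dict:
    """Split the 'k=v' tokens of one constructed log line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split()[1:])

def correlate(logs, feed, assets) -> list:
    """Match each log destination against the feed. Score = confidence x
    asset criticality; if the asset also has unpatched vulnerabilities it is
    an exploitable target, so escalate the action to isolate-and-patch."""
    findings = []
    for line in logs:
        rec = parse_log(line)
        ioc = feed.get(rec.get("dst", ""))
        if ioc is None:
            continue  # internal traffic with no feed match: nothing to do
        criticality, open_vulns = assets.get(rec["host"], (1, 0))
        priority, action = ioc.confidence * criticality, ioc.action
        if open_vulns:
            priority += 10 * open_vulns
            action = "isolate_host_and_patch"
        findings.append(Finding(rec["host"], ioc.value, priority, action))
    # Highest priority first, so the queue handed to SOAR/IR is ordered.
    return sorted(findings, key=lambda f: f.priority, reverse=True)
```

Feeding the resulting list into a SOAR playbook (or a ticket queue) is what makes the intel actionable rather than merely observed.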