“No matter the size of an organization, there should be a seamless process to feed threat intelligence into the defensive technology stack,” Denning says. “This requires the system to be architected, configured, and designed to consume intelligence. Equally important is the ability of the system to generate reporting and metrics to determine the quality and efficacy of the ingested intelligence.”
Additionally, the security team needs enough insight into the organization’s IT environment, business operations, strategy, and sector to operationalize threat intel effectively. That insight lets analysts first identify which threat intelligence feeds and reports matter most to the organization, and then home in on the data within those reports that is most meaningful for its unique security posture so they can put it to use.
3. Filtering out the noise to reduce security workloads
Even when CISOs have relevant intel integrated into their security program, they often still struggle to filter out the noise to focus on the data that actually indicates a potential threat, Simpson says.