Threat Intelligence Purchases
February 8, 2022
Many companies are (rightly) are putting more emphasis on cybersecurity. In order to make the task easier and more efficient, a business might invest in software to help manage and analyze all the data involved. BetaNews offers “Five Pointers for Choosing a Threat Intelligence Platform: What to Look For in a TIP.” We see this write-up as but a starting point—it holds some useful pointers but includes no benchmark about SolarWinds and Exchange type exploits. Nor does it address the vital points of insider threats and phishing. Readers looking to expand their cybersecurity efforts would do well to carry their research beyond this article. That said, we turn to writer Anthony Perridge’s description of a TIP:
“A Threat Intelligence Platform, or TIP, serves as a central repository for all threat data and intelligence from internal and internal sources. Correctly configured, the TIP should be able to deliver essential context around threats that helps the team understand the who, what, when, how and why of a threat. Crucially, it should also help prioritize threats, based on the parameters set by the organization, filtering out the noise so the resulting actions are clear. A good TIP benefits a range of stakeholders, from the board aiming to understand strategic risk to CISOs focusing on improving defense while staying on budget, and from security analysts collaborating more effectively to incident response teams benefiting from automated prioritization of incidents. Knowing what you need to invest in is the first step. The next is to understand the key features you need and why. There is a lot to consider, but in my view the following are five key areas that should be on your checklist as you evaluate TIPs.”
The piece goes on to describe each of these five factors: support for both structured and unstructured data (shouldn’t that be a given by now?); the ability to provide context around data; how the platform scores and prioritizes indicators; the integration options available; and effective automation balanced with manual investigation. Then there are the “business considerations,” in other words, the costs involved. For example, TIPs are usually offered on a subscription, per user basis. One should consider carefully how many users should get access—teams outside security operations, like risk management, might need to be included. Also, pay close attention to the fees that can add up, like integration and cloud hosting fees. See the write-up for more information; just remember not to stop your investigation there.
Cynthia Murrell, February 8, 2021