August 24, 2016
Joe Franscella

How Do You Know Which Threat Intelligence Platform Is Right For You?

<p>When creating your cyber-security plan, all the elements must work together to meet your needs. Every organization has different workflows, resources, and people. Platforms protecting all of these elements must work together seamlessly to keep intruders out of your network.</p><p>A hacker only has to be successful once to gain a foothold in your network, but unfortunately, you are tasked with being prepared 24/7. A fully comprehensive plan requires skilled administrators and compliance by users, but your initial software investment is an important component over which you have more control. Intelligence is a complex process whereby the human understanding of suspicious traffic is translated into automated alerts. When exploring your options, there are many aspects to compare side by side. Not all solutions are created equal with respect to providers, platforms, enrichment, and integration. Keep these questions in mind as you explore options:</p><p><strong>To bundle or not to bundle?</strong> Will the platform you are considering be compatible with the other security programs in place? A threat intelligence platform must work in conjunction with other elements of the security system. Intelligence is the practice of using knowledge about malware, established patterns and other “red flags” in the context of your network traffic. The threat intelligence platform doesn’t gather this data, but rather analyzes it. Some packages bundle SIEM, firewall, and intelligence together. If you have invested time into configuring your firewall and it’s working well, you may wish to find a <a href="">threat intelligence platform which integrates</a> with it. In other scenarios it may be wiser to go with an all-in-one suite to meet your needs for blocking known malware as well as the collection, storage, and analysis of all other traffic.</p><p><strong>Is it a <em>personnel</em> matter?</strong> How much training and support do you need? 
Do you have the security and risk professionals appropriate to manage this solution or will that create another expense? If so, can support professionals shore up any gaps in the technology team?</p><p><strong>How about a year from now?</strong> Before committing, perform your own intelligence on the developer’s track record. Can you reasonably expect them to stay on top of changes? At the very minimum the company must be around to provide updates and support. Ideally, your threat intelligence platform is backed by experts who are <a href="{page_241}">driven to innovate</a>.</p><p><strong>Are you required to share?</strong> The <a href="" target="_blank">US government is getting involved</a> in the cyber-intelligence community. For government entities, sharing the indicators of compromise which drive threat intelligence is already mandated. For the private sector, volunteering intelligence is currently recommended and encouraged.</p><p>Selecting a threat intelligence platform is not an occasion to be a penny-pincher. Since <a href="" target="_blank">DDoS attacks cost upward of $40K per hour</a> to address and are known to take out small businesses permanently, your budget should rise to meet your security needs. You can reduce the cost of your initial investment if you take the DIY approach. When you download open source software, there is no cost. It’s free! There are inherent labor and hosting costs, but you are free to customize the source code as you see fit. By sharing intelligence with other users, you work together to identify and thwart hackers.</p><p>Think of the total of your assets, weaknesses, strengths, and threats as a puzzle. If you’re not using a threat intelligence platform, you are missing pieces. 
Your organization will be equipped to make well-informed decisions only after discovering the actual landscape surrounding you.</p><p>There are a myriad of methodologies and models for managing threats and threat hunting by threat analysts. Culture wars inside organizations over which model provides the right approach for the security organization and delivers business value create friction among security team members. We also see an ever-growing number of data breaches, which indicates the need for a shift to a single unifying methodology and model that incorporates the elements of all to slow the growing number of data breaches.</p><p>This white paper describes the Anomali Match model which focuses on prioritization and relevance for both security operations and threat analysts.</p>
