Why Most End-User Threat Intelligence Is Awful (and What to Do Instead)
End-user companies know to set up firewalls and install antivirus software, but many still are not taking the next step of adding threat intelligence to their security stack, and that may be for good reason. Threat intelligence is a collection of data containing known-dangerous and suspicious IP addresses, domains, email addresses, file hashes and attacker groups. Similar to a police blotter, threat intelligence can tell you that an incident has occurred, but those incidents may be completely irrelevant to an organization. Essentially, threat intelligence is a police blotter from a city you don’t live in. Whether it comes from open-source feeds, U.S. Government Automated Indicator Sharing (AIS) feeds, or paid commercial feeds, threat intelligence is designed to help businesses avoid danger. However, none of these sources provides more than rudimentary value to an enterprise in this capacity. Although most contain encyclopedic reference material on types of attacks and atta