With financial pressure falling on business leaders, cutting costs can be necessary for survival. Being understaffed and ignoring critical business operations is not an option, particularly with security and intelligence. With security and intelligence investments tied up in expensive technology and resources, leaders know they must evaluate alternatives to advance operations and mitigate risk. However, the “firehose of noise” delivered by intelligence products obscures intelligence's value and overwhelms security teams with meaningless alerts. It’s time for security leaders to consider managed services for their threat intelligence needs.
Managed services have a history of well-executed delivery while providing cost savings and flexibility. Unsurprisingly, managed services adoption grew roughly 60% faster from 2008-2010 than in years prior. During these periods of economic challenges, particularly for regulated industries, managed services enabled security teams to harden their defenses despite financial constraints. Managed service providers (MSPs) filled a critical need by providing technology, IT expertise, and resources as a service. Not only did businesses upgrade expertise, technology and tools, but they reduced upfront costs and capital expenditures (CAPEX) in exchange for committing to a sustainable contract with their MSP.
Threat intelligence is sometimes considered easier to cut than other aspects of cybersecurity. “Outside the firewall” collection gaps, lack of defined organization-specific requirements, insufficient client-specific intelligence and difficulty in procuring talent internally make the nature of intelligence work challenging. Further, the “firehose of data noise” often leads to alerts that overwhelm stakeholders such as a SOC.
However, geopolitical conflict and economic turbulence are interconnected, particularly in physical and cyber intelligence domains. Consider an array of cyber, physical and executive intelligence focuses a company must address on a given week:
- Digital Threats to the Company: Vulnerabilities discovered every week
- Social Media and Tech Forums: Negative commentary discussing ways to bypass controls
- Hacking Forums and Dark Web Marketplaces: Leaked credentials and account takeovers happen every day
- Threats to Executives: Hate language against C-Suite
- Insider Threats and Complaints: Users claiming inside access for sale
- Subsidiaries: Above threats toward subsidiaries owned by the company
- Threats to Employees: Threats to employees via social media and closed forums
- Foreign Influence Campaigns: Company assets in foreign countries are exposed to China's control, and intellectual property theft exposes company assets in foreign countries
- Threats to Wider Industry: Relevant attacks against competitors
For security teams to have coverage of many of these threats across intelligence domains, threat intelligence as a managed service should be considered. After all, threat intelligence is a critical element of any serious security strategy, but few security teams have the expertise or resources to tackle all the threats they face.
Managed intelligence providers fill a crucial gap by combining people, process and technology to deliver threat intelligence as a service, allowing organizations to offload resource-intensive tasks to an experienced provider, including:
- Generation of intelligence specific to your organization
- Delivery of analyst-led intelligence with access to analysts
- Utilization of multi-source collection and analysis capabilities
- Access to multilingual data sources and analysis
- Discovery and understanding of the adversarial mindset (motivations and intended outcomes)
- Attribution and unmasking of adversaries
- Providing intelligence advice and threat actor engagement guidance
- Understanding all disruption outcomes enterprises can leverage across all stakeholders (legal, HR, engineering, etc)
Unfortunately, cyber threat “intelligence” (CTI) vendors have hijacked the meaning of threat intelligence, creating confusion about its real value. While the CTI market exceeds $10 billion, it generally consists of data feeds using the broadest data lakes and AI and ML to detect known threats. While it makes sense to buy a feed to address one specific pain point, often customers want more return on their investment specific to a wider array of risks.
To properly defend and proactively mitigate risks, you need a team that understands and stays current with the intelligence lifecycle and domain expertise that addresses the organization’s risk. From cyber, to fraud, to trust and safety, to physical protection for key people, places and assets, you must find a way to detect and respond to threats in a scalable model that joins an organization's intelligence workflows to deliver outcomes.
