Using intelligence is about exploiting a number of information collection and analysis sources to provide input into key decisions and future planning. Intelligence should be collected according to a plan, so that the right sources are exploited for maximum benefit.
Security intelligence is no different. Organisations that wish to use security intelligence to greatest benefit will have to identify the key decisions they need to make, where and how they can collect the data, and how to analyse it and present it in a form useful for decision-making.
This means a proactive, forward-looking approach to security is required, and that approach must be geared to more than virus signatures and technical security – it must look at the environment in which the business and its security are operating.
One way to do this is to use "PLEST" (political, legal, economic, socio-cultural and technical) analysis as a template to gather and analyse material. The ISF’s long-running Threat Horizon does just that, and uses the insight to create a number of scenarios. Each scenario lays out a likely business and security issue that may materialise in the next two years.
These scenarios can then be used to frame decision-making, plan future data collection and plan responses. Additionally, the organisation can use big data approaches to analyse both structured and unstructured data to identify trends, attack profiles and possible threats, and compare these to predictions of the future environment.
Organisations that do not wish to develop their own intelligence capability – the cost of data collection and analysis may outweigh the benefits – can use an external supplier. This may be more cost-effective, but organisations should ensure that the supplier is able to collect the data needed, so as to avoid inaccurate analysis and flawed decision-making and planning.
Adrian Davis is principal research analyst at the Information Security Forum (ISF).