
Security Intelligence

SIX PHASES OF THE SECURITY INTELLIGENCE LIFECYCLE

Direction

This phase sets goals for the security intelligence programme. Identify, understand and communicate:

  • The information assets and business processes to be protected
  • The impact of losing assets or interrupting processes
  • The types of security intelligence that your organisation requires
  • The priorities for what you need to protect

Collection

This is the process of gathering information to address the intelligence requirements, through a variety of means including those listed below.

  • Metadata and logs from internal networks and security devices
  • Threat feeds from various sources
  • Conducting conversations and targeted interviews with knowledgeable sources
  • News websites and blogs
  • Social media platforms
  • Scraping and harvesting websites and forums
  • Infiltrating sources such as dark web forums

Frequently Asked Questions (FAQs)

1. What is Security Intelligence?

Security Intelligence is the collection, standardisation, evaluation and analysis of security data generated by an enterprise. This data comes from the organisation’s network, applications, and IT infrastructure in real time.

2. What is the importance of Security Intelligence?

Understanding the adversary and their Tactics, Techniques and Procedures is crucial to reducing risk. With a digitised attack surface, the enterprise can now use every single connected piece of software and hardware as a separate element in a sensor array. Collectively, this is used to build up a picture of the threats targeting an organisation so security teams can better prepare.

Security Intelligence can help with the following:

  • Improved standards and regulatory compliance: A clear view of risk is crucial to comply with standards such as PCI DSS, HIPAA, NERC CIP, SOX, and the ISO 27001 standard.
  • Enhanced remediation and detection: Reduce malware success rates and decrease dwell time to minimise the window of attack.
  • Cost efficiency: Understand where resources should be deployed to better improve your risk equation and reduce wastage.
  • Reduction of insider fraud, data leakage, and theft: Quickly monitor, identify, and mitigate insider threats by understanding where employees might be culpable for data loss and theft.