Cyber Threat Intelligence (CTI) appears to be one of the hot topics in information security at the moment. Almost every vendor, as well as the open source community, has their unique take on what is, and what is not, important in the CTI arena. I have been asked a number of questions by clients and colleagues alike about CTI. Many questions focus on whether threat intelligence is worth investing in right now, or budgeting for. It is a good question, but to be honest, I am probably the wrong person to ask. After close to twenty years in the information security industry, I am always a little sceptical of the next big thing, given the long line of next big things I have seen during my career. My scepticism is exacerbated when vendors claim that their method or technology is better or more robust than those of their competitors. My scepticism is magnified when vendors keep their approach secret or don’t provide any data or evidence to back up their claims. A good recent example is that of Norse Corporation, who had a rapid, well-publicised and complete unravelling when it was revealed that their secret CTI methods and products proved little more than highly polished marketing claims.
Perhaps a better question would be, ‘what business problem will CTI actually solve for me and my organisation?’ or ‘how long until CTI is mature enough to justify investment?’ or even, ‘what do I need to consider before investing?’
In this post series, I’ll be answering these three questions in turn: