cicayda blog

You Didn’t Buy Intelligence

21 February 2017 / by Mike Tanji

security_2.jpg

Cicayda's Michael Tanji, new cyber security strategist, will continue to insure Cicayda delivers the most secure services and applications possible for its corporate, government and law firm clients.

A recent Ponemon study reported that C-level executives are suffering from a flood of “threat intelligence.” There is too much of it, it’s too complicated to make sense of, and its utility is questionable. I come across this situation a lot: people mistaking data for intelligence. If you’re being overwhelmed by “intelligence” you didn’t buy intelligence you bought a feed. You were already drowning in data and your vendor threw you a brick, not a life preserver.

How can you tell the difference between real intelligence and just more data? Well, with apologies to Jeff Foxworthy…

  • If your inbox is filled with “intelligence” reports that read like the news you heard on the commute into work, you might have bought something besides real intelligence.
  • If your SIEM inputs have gone up 500%, but you haven’t identified or stopped any threats, you might have bought something else besides real intelligence.
  • If you’re at the C-level and your “intelligence” report is full of technical and security jargon you don’t understand…
  • If you’re a security practitioner and your “intelligence” report is so light in details you stop reading them…
  • If your “intelligence” vendor touts their amazing automation, but doesn’t include a human who can make sense of all that data and why it should concern you…
  • If your “intelligence” vendor doesn’t take time to understand both your business and security goals in order to craft effective intelligence collection requirements…
  • If your “intelligence” vendor is full of people whose experience consists of working for threat intelligence companies but never actually practiced the craft…
  • If your “intelligence” vendor gives you a lot of conclusions but doesn’t explain how it drew them…

Machines create data, humans create intelligence. If you’re not better informed, if your decisions are not made easier, if you are not dealing with issues before they become problems, you should ask yourself if your “intelligence” vendor is actually providing value, or if they’re just making you pay for more storage.