The challenge for many organisations in a world of big data is distilling vast quantities of information from various sources into a form that can be analysed, and then ensuring that the analysis produces intelligence that is actionable. Truly actionable intelligence allows the organisation to:
- understand threats, threat actors and their capabilities
- identify risks before they’re realised
- learn where exposed data may be lurking
- mitigate attacks more effectively
- determine countermeasures and controls

Correlating threat intelligence can help automate workflows, reduce noise and filter out malicious web activity. First, however, organisations must know:
- What data needs to be protected? Not all data has equal value, so it’s critical to determine the enterprise’s most valuable assets.
- Where is it coming from and where does it sit in the network?
- Who has access to the data and how long will they need it?
- Why do these people need access privileges?
- When did they start collecting the data? Also, companies must be aware of how long it will be collected and when it needs to be discarded.

Without the answers to these questions, security practitioners are at a disadvantage — and criminals remain a step ahead.