Washing away the snake oil of threat intelligence presented at t2 2015

by David Chismon

Summary: "Threat Intelligence" is currently at peak hype and is seen by many organisations as the "cure for cyber". As such, many companies are leaping on the bandwagon and selling a vast array of products under the banner of TI. However, no encompassing definition exists of what TI is, how to use it, or how to ensure that it is protecting the organisation.
In response, we studied the field, in work supported by CPNI and CERT-UK, and present a model for classifying all types of threat intelligence so that they can be evaluated. We find that although much of what is being sold is unlikely to help protect organisations, there is a core idea that can, and which doesn't have to cost money.
David is a senior researcher and consultant with MWR InfoSecurity in the UK. His previous research includes analysis of how nation-state attackers are exfiltrating data from corporate networks, and of biometric authentication in mobile devices. He was the lead author on the recent "Threat Intelligence: Collecting, Analysing, Evaluating" paper published with the support of CPNI and CERT-UK.