20 Aug Mandiant: Securing The Future
Jamie Collier, senior threat intelligence advisor at Mandiant looks at how cyber threat intelligence teams can be empowered with a requirements-driven approach.
The ever-evolving landscape of cyber threats poses significant challenges to organisations worldwide. As threat actors continue to become more sophisticated, it is important for cyber threat intelligence (CTI) teams to adopt innovative strategies that allow them to stay ahead of the curve. Implementing a requirements-driven approach can significantly enhance the efficiency, utility and value of an intelligence programme. By adopting this approach, intelligence functions can effectively prioritise and balance competing demands, ensuring that resources are allocated where they are most needed. Successful CTI functions give paramount importance to stakeholder intelligence requirements, guaranteeing that the gathered information aligns with the strategic objectives of the organisation. The emphasis lies in the fact that every CTI team, irrespective of its scale or available resources, has the potential to enhance its effectiveness by adopting a requirements-driven approach.
In a recent global survey conducted by Mandiant, it was discovered that 96% of security decision-makers recognised the significance of comprehending the specific threats that could potentially target their business. However, the survey revealed that a significant majority (79%), frequently make decisions without valuable insights from adversaries. This highlights the prevailing issue of operationalising threat intelligence, which poses a challenge for many security functions.
In response, a requirements-driven approach to CTI emerges as a solution, introducing fundamental elements that lay the groundwork for a flourishing intelligence capability within organisations. Implementing such an approach helps overcome this challenge by operationalising threat intelligence and introducing the essential building blocks for a thriving intelligence capability. It presents an opportunity for companies to bridge the gap between knowledge and decision-making, enhancing their ability to proactively respond to threats.
The Required Solution
To successfully implement a requirements-driven approach, a clear strategy is essential. While the concept may seem simple, maintaining a consistent focus on stakeholder needs requires discipline, structure and unwavering attention. Fortunately, building and sustaining this type of concept is both achievable and straightforward.
All cybersecurity functions and CTI teams face constraints in resource-limited settings. Hence, security professionals need to adopt a practical and discerning approach when embarking on new initiatives, recognising that each choice carries an opportunity cost. This approach enables them to make informed decisions, prioritise resources effectively, and improve their overall security posture. Implementing a requirements-driven approach sets the foundation for a thriving intelligence capability within organisations, enhancing their ability to detect, respond to and mitigate cyber threats.
The concept of a requirements-driven approach can be compared to a cyclical or systematic process, similar to the well-known threat intelligence lifecycle. However, it is common for the intelligence lifecycle to be portrayed in a somewhat abstract manner, lacking detailed explanations of how each stage operates in practical terms. To develop a more practical understanding of their workflow, CTI teams need to delve deeper into defining their processes. The framework incorporates several essential pillars, including:
Stakeholder analysis: This involves
identifying the consumers of threat
intelligence within an organisation,
understanding their roles, tasks,
challenges and how CTI can assist them.
Intelligence requirements: This step
focuses on pinpointing the specific needs
for collecting, analysing, producing
or disseminating threat intelligence,
ensuring that the efforts are purposeful
and aligned with company objectives.
Cyber threat profile: By establishing a
cyber threat profile, CTI teams gain crucial
context on the most pertinent threats
within their organisation’s sector, industry
and region, aiding them in prioritising
their intelligence efforts effectively.
By delving into these core pillars and incorporating them into their practices, CTI teams can develop a more comprehensive and pragmatic understanding of their workflow, facilitating their ability to provide targeted and valuable threat intelligence to their company.
A pragmatic approach
Executing any framework or approach presents a significant challenge, but adopting a requirements-driven approach proves to be attainable and uncomplicated when put into action. To help make it a reality, we emphasise a pragmatic step-by-step approach that speaks to the ground truth of CTI functions. Steps include making note of stakeholder profiles and intelligence requirements, expert advice and gathering and incorporating effective feedback. In today’s dynamic and ever-changing threat landscape, the adoption of a requirements-driven approach emerges as a crucial imperative for CTI teams determined to maintain a proactive stance against cyber threats. By aligning intelligence efforts with the specific needs and demands of stakeholders, organisations can forge a stronger defence, enabling more informed decision-making, optimal resource allocation and an overall fortified security posture. Embracing this approach empowers CTI teams to outpace adversaries and safeguard the integrity of their digital ecosystems in an increasingly complex and volatile cyber landscape.