Business Risk Intelligence: Finished, Strategic, and Critical for Protection Across the Enterprise
Business Risk Intelligence, or BRI, is something we often discuss. BRI is not only our vision for providing better, more contextual intelligence across the enterprise, but it’s something that we currently execute for numerous customers across 18 verticals. The adoption of BRI in the last year has been rapid, as more end users seek help after getting stifled with tactical indicators or finding out about their risk too late with surface web digital monitoring.
Yet, we still gladly reiterate what BRI truly is so we can help even more organizations — private and public sector alike.
Business Risk Intelligence broadens the scope of cyber intelligence beyond threat detection to provide relevant context to business units not traditionally afforded the benefits of intelligence derived from the Deep & Dark Web. By informing decision-making and improving preparation, BRI mitigates risk across the enterprise resulting in better decisions that protect a company’s ability to operate.
BRI applies to several use cases. While BRI can support traditional cyber challenges such as incident response or security operations, it also addresses insider threat, fraud, third-party risk, anti-money laundering, executive and employee protection, and physical security. The “I” in BRI is strategic versus tactical; it’s ingrained in our clients’ business decisions.
It’s with this in mind that I share our excitement over the latest Forrester report, “Vendor Landscape for External Threat Intelligence, 2017.” This report, which the firm calls a “course correction for the industry,” looks at threat intelligence across its many use cases, and even splits into categories of tactical intelligence, raw intelligence, and finished intelligence — the latter of which is most consumable.
I’m pleased to see how much this report resonates with the feedback we receive from our customers:
• We save them from the “trailing indicators” that Forrester warns about getting hung up on; they are “only helpful if there is business context around them.”
• Curated alerts, such as the one Flashpoint provides, are critical; Pastebin alerts are raw and unfinished and are not intelligence because they just show a keyword match, not sentiment nor details.
• We provide intelligence driven from multiple sources (Deep & Dark Web, surface web, and social media); however our focus is on the Deep & Dark Web since that is where early warnings of criminal activity largely occurs. The report even states the challenge of surface web data: “The reality is that there is a lot of valuable information that you can derive from open sources, but there’s no guarantee that what you’re getting isn’t repurposed marketing material.”
• We’re continuously told that our mix of sophisticated technology and human-powered analysis is our biggest differentiator. As the report says, “Frequently, the information gathered from the deep web requires a human to establish credibility to gain access to assets, making this a very specialized and sensitive source of intelligence.”
• Finally, the report urges decision makers to build their threat intelligence capabilities on a foundation of strategic intelligence, and to develop a “risk register” to help prioritize security focus and spend. This is something that Flashpoint broadly provides with our BRI Decision report, the latest edition of which was published last week.
All of these considerations are critical to the achievement of finished intelligence, which is more than just reporting, and is delivered with analysis and context. As a matter of fact, we recently introduced the latest version of our finished intelligence platform, which grants access to our expansive archive of intelligence reports and Deep & Dark Web data. Users in enterprises of all sizes and maturities, and across all business functions and use cases, can improve their decision-making abilities.
Several companies were highlighted in this report — including some of our strategic partners. I am proud of our team for their dedication to making BRI a reality, providing a finished, strategic intelligence outcome for our customers, and also to our customers who provide us the feedback we need to know we are doing the right thing, and ensure we continue to do the right things for them. As a matter of fact, we recently received this feedback from a threat analyst at one of our large financial services clients:
“In this finished intelligence product, what differentiates Flashpoint is its ability to pivot from reports directly into the actor conversation and take the story 10 times deeper. We can see more about what we care about, such as conversations about us, our clients, other companies; you get to the raw intelligence itself, which no one else lets you do.”