Successful Threat Intelligence Starts with Partnership
By Chris Camacho
Threat intelligence capabilities can make your digital business more resilient, says Gartner in its latest Market Guide for Security Threat Intelligence Products and Services. The team at Flashpoint found this guide particularly interesting and applicable for risk and security management leaders to consider when evaluating the success of their programs.
Gartner’s guide points out that the value of threat intelligence services is often constrained by a given customer’s ability to ‘afford, absorb, contextualize, and especially, use the information provided by these services.’ The Flashpoint team was especially interested to hear this challenge because we pride ourselves on helping clients do just that. The Flashpoint Intelligence Platform contains finished intelligence, analyst research pages, collections and discussions derived from illicit closed communities, technical data, as well as the ability to view dashboards and analytics that showcase a comprehensive view of data measured against Flashpoint collections. And while this technology is fantastic, the technology alone often cannot contextualize the extent of an incident and how that impacts that client directly. Ultimately, the threat intel challenges that Gartner mentions can be solved with true vendor and client partnership. Flashpoint has a team of trusted experts, composed of former practitioners, helping our clients make sense of the data and answer the two most important questions about risk:
- So what?
- Why should we care about this incident, ransomware, threat actor group, etc.?
To layer on partnership as a key to threat intelligence programs, analyst augmentation was another focus area for this report. It is a need that Flashpoint sees with many organizations–large and small. This is essentially providing an organization with direct access to an analyst for their most critical security risks. Partnering with that team (onsite or virtually) to ensure that we are meeting their needs and the analyst resource provided is the utmost qualified to help with unique challenges. Flashpoint provides a (virtual) staff augmentation service which provides a full-time dedicated Flashpoint intelligence analyst who will serve as an extension of your team. When it comes to partnering with a vendor for threat intelligence, this is the holy grail.
Gartner points out that threat intelligence has also continued to expand beyond traditional security teams, operations, and use cases. They are seeing more functions within an organization utilizing threat intelligence like fraud, risk management, and even human resource departments. What Flashpoint found particularly interesting is that we have been focusing on sharing insights that such teams can utilize threat intel as a major component of our value proposition for years. From Flashpoint’s perspective, there is a use for threat intelligence across any area of a business. Every area of a business has some element of risk, so why not have all of the tools to assess that risk.
Another interesting take away from the report is that there is a more proactive community info-sharing approach with security teams. This, of course, is critical in solving the most complex security issues and threats. One wonders if the Coronavirus has also impacted information sharing and bolstered the belief that we are all in this together, and need each other to ensure we can combat malicious and threatening activity on the internet. Flashpoint Collaboration (FPCollab) is Flashpoint’s knowledge and information sharing group where clients can post questions, share IOCs, and collaborate with their peers on high-stakes challenges. Flashpoint has found that this is of tremendous value both for our customers and our internal teams alike as a key component of our partnership and delivering trusted intelligence.