The Road to Actionable Threat Intelligence
Verizon's Ashish Thapar on Creating a Predictive Threat Intel Framework
Processing and parsing intelligence from all sources - external and internal, structured and abstract - across three important categories is essential to a proactive, predictive threat intelligence framework, says Ashish Thapar, managing principal at Verizon Enterprise Solutions.
The three types of threat intelligence are strategic, tactical and operational, he explains in an interview with Information Security Media Group (see: Treating Threat Intelligence as a Program).
"Strategic threat intel is about some of the business risks that align with cyber risk, and vice versa, in the operational environment. The second is tactical threat intel, which is the day-to-day intel on the TTPs [tactics, techniques and procedures], the IOCs [indicators of compromise] that the SOC [security operations center] and security teams can really consume," Thapar says. "The third is operational threat intel, consumed by the senior security staff members that could be at a higher level, talking about technology and platform risks, and perhaps some of the inputs from information sharing and analysis centers [ISACs], and industry groups and so on." (See: Threat Intelligence and the Power of Attribution)
While a lot of organizations concentrate on commercial threat intel feeds that are easily consumable into their technology system, these feeds may lack the right risk context for a particular business, he says. Organizations must first consider sources of threat intelligence that are closer to home, such as internal tool and platform alerts and logs. A synergy between internal and external sources of intelligence is essential for building the complete risk profile of an organization and making the right decisions to take concrete actions, he says (see: Using Threat Intelligence to Prioritize Risks).
In this audio interview, Thapar describes what security practitioners need to know about threat intelligence, offering detailed insights on:
- Challenges in making threat intel actionable;
- Designing a threat intelligence lifecycle for your organization;
- Incorporating next-generation technologies, including artificial intelligence and machine learning.
Thapar is the managing principal, risk services - APJ, at Verizon Enterprise Solutions. His experience includes designing, implementing and managing information security management systems for organizations. Thapar has written several white papers and articles on information security topics. He also has been a featured speaker at several industry events.