Implementing an Intelligence-Driven Security Strategy: 10 Data Points

by Chris Preimesberger

There are a lot of questions to ask before embarking on a new strategy. What are the risks to the organization? What are its vulnerabilities? How well is it defending against those at any given point in time? Without visibility into risk, organizations can’t design optimal defense strategies or appropriately prioritize activities.

Network visibility needs to go to beyond what we have today, from logs and events, down to the packet and session level to spot faint signals that indicate advanced threats.

Organizations need to understand who (or what) is on their networks, what they are doing and whether that behavior is appropriate.

Organizations need to know what’s happening inside key applications that drive the business. Good monitoring and controls can handle this.

Analysis involves understanding normal state behavior and then looking for anomalies. By knowing what is “normal,” an organization can then spot, investigate and root out anomalies that result from malicious activity.

Consistent and rapid response to confirmed anomalies allows organizations to mitigate potential threats by enforcing controls such as access restrictions or additional authentication. Action also results in remediation processes and activity.

An intelligence-driven security strategy emphasizes detection, analysis and action, while de-emphasizing static, signature-based perimeter detection. This “even-split” approach understands the modern threat landscape and allocates resources accordingly. This includes creating a better balance between monitoring, response and prevention.

Intelligence-driven security reduces the number of point products and fuses together otherwise disjointed data sets and tools, increasing both security and operational efficiency.

With the ability to identify attacks in a more timely fashion, intelligence-driven security reduces bottom-line loss that often results from an undetected breach.

Automation and sophistication aids in freeing already overburdened employees, focusing them on what matters to defend the organization, and can elevate average performers into vital components of a winning IT security staff.