Forsythe is a leading IT company that provides security and advisory solutions for Fortune 1000 organizations to enhance their agility and security. The document emphasizes the importance of commercial threat intelligence in defending against cyber threats, suggesting that a strategic understanding of an organization's assets and capabilities is essential. It also highlights the need for effective operationalization of threat intelligence to improve security measures and respond efficiently to threats.

2. Forsythe is a leading enterprise IT company,
providing advisory services, security, hosting
and technology solutions for Fortune 1000
organizations. Forsythe helps clients
optimize, modernize and innovate their IT to
become agile, secure, digital businesses.
www.forsythe.com
About Forsythe

4. In 207 BC, when
information traveled no faster
than a horse could ride…

5. …it was intelligence that led Rome to its critical
victory over Carthage during the Punic Wars.

6. Fast forward 2,000 years,

7. and intelligence is more important than ever.

8. Countries have spent
trillions of dollars building
up military forces to protect
their interests and deter
attacks by…

9. air land sea

10. But the biggest threat to security today comes
not from ground forces or air power,

11. but from cyberspace.

12. There are no rules of engagement in cyber
warfare when it comes to corporate data.

13. Enterprises in all industries are attractive targets…

14. …and most are not adequately
prepared to defend themselves.

15. According to PWC’s 2016 Global State
of Information Security Survey…

16. …theft of hard intellectual property
increased 56 percent in 2015.

17. The best form of defense against attacks and
those who perpetrate them is to know about them.

18. But for many organizations, good
quality intelligence is hard to come by.

19. Commercial threat intelligence technology and services
can help enterprises arm themselves with…

20. strategic
insights
tactical
insights
operational
insights

21. …enabling them to identify and respond
to global threat activity, and integrate
intelligence into their security programs.

22. Per Gartner, by 2018…

23. 60% of large enterprises globally will utilize
commercial threat intelligence services
to help inform their security strategies.*
*Gartner, Smarter with Gartner, Use Threat Intelligence Services for an Agile Defense, June 10, 2015,
http://www.gartner.com/smarterwithgartner/use-threat-intelligence-services-for-an-agile-defense/

25. It is important to note that…

26. …threat data is not the
same as threat intelligence.

27. The difference?

28. Threat data is information without context.

29. Whereas…

30. Threat intelligence incorporates the
background that makes the information
relevant to an organization or industry.

31. Sorting through threat data and
operationalizing threat intelligence….

32. …can be overwhelming

33. But it doesn’t have to be.

35. Know your environment in and out.

36. In order to be applied, threat intelligence needs to
be supported by a solid understanding of your
assets, and what’s going on in your network.

37. Some questions to ask yourself…

38. What are your most valuable
information assets?
Where are these assets?
When are these assets
being accessed?
Who has access to
these assets and why?

39. Establish your business goals.

40. What are your overall business drivers?

41. protection? detection? attribution &
prosecution?

42. And what are you looking to
accomplish with threat intelligence?

43. Common goals include…

44. Enhancing automated
prevention
Shortening the lifecycle of
detection and remediation
Automating security
operations and
remediation efforts
Centralizing threat
intelligence programs and
standardizing processes

45. Assess your capabilities.

46. Establishing an understanding of
current capabilities is critical.

47. To help to determine your existing capabilities and
what is currently going on in your environment,
consider services such as…

48. vulnerability
assessments
architecture
assessments
compromise
assessments

49. They should be leveraged as part of a
continuous vulnerability management
program as you move forward.

50. Research available products and services.

51. There are a lot of threat intelligence services
you can subscribe to. Each offers…

52. different numbers
of indicators
different levels of
relevance and context

53. And there are varying levels of effort involved
in leveraging the information they provide.

54. Internal
Standardized
Highly targeted intelligence | Unrestricted usage
Commercial
Vendor-specific
Moderately targeted intelligence | Usage is restricted
Some standardization
Moderately targeted intelligence | Usage is restricted
Community
Varied formats
Little targeted intelligence | Usage restrictions vary
Open Source
Intelligence
Sources

55. Avoid drinking from the firehose.

56. The analytic value of threat data varies; while
certain details can be useful, like…

57. subject linesattachment names
malicious IP addresses domains

58. …they are often used only once, and are
therefore not good indicators on their own.

59. Knowing the difference between valuable
threat data and “noise” will go a long way.

60. only on what applies to your business.Focus

61. Share and share alike.

62. Sharing non-compromising information will help other
organizations learn more about specific threats.

63. Build circles of trust with organizations in the
same vertical that are not direct competitors.

64. This facilitates the sharing of…

65. security
principles
threats mitigation
advice

67. In today’s threat landscape, without a threat
intelligence-focused strategy…

69. The bad guys are getting faster and faster. Intelligence
provides a way for organizations to…

71. Get the insight needed
into attackers’ plans

72. Get the insight needed
into attackers’ plans
Prioritize and respond
to threats

73. Get the insight needed
into attackers’ plans
Shorten the time between
attack and detection
Prioritize and respond
to threats

74. Get the insight needed
into attackers’ plans
Focus staff efforts and
decision-making
Shorten the time between
attack and detection
Prioritize and respond
to threats

75. Properly operationalized, it’s a powerful tool
for enhancing the security of your…

76. enterprisenetwork
data employees

77. http://focussecurity.forsythe.com/articles/492/6-
Steps-for-Operationalizing-Threat-Intelligence

78. http://focus.forsythe.com

79. Authors:
David O'Leary
Director, Forsythe Security Solutions
David Hove
Practice Manager, Forsythe Security Solutions
Aaron Smith
Master Consultant, Forsythe Security Solutions
Shariq Hassan
Senior Consultant, Forsythe Security Solutions
Anne Grahn
Senior Communications Specialist,
Forsythe Security Solutions
Forsythe is a leading enterprise IT company,
providing advisory services, security, hosting
and technology solutions for Fortune 1000
organizations. Forsythe helps clients
optimize, modernize and innovate their IT to
become agile, secure, digital businesses.
www.forsythe.com