It is now becoming widely recognized that a mature threat intelligence program can greatly assist defenders in effectively deploying their precious and limited resources. However, creating and running a mature threat intelligence program is simultaneously often seen as often expensive to run, difficult to properly operationalize, and full of false positives if a lot of time and care is not spent on curation. There is also pushback on how intelligence programs take resources from the "block and tackle" aspects of cybersecurity - ie, when 90% of breaches originate from a simple phish or social engineering, focusing on threat intelligence is a distraction.
How does the industry feel about the role of threat intelligence? This is your opportunity to ask those on the frontlines this important question. Several CTI experts have agreed to join us and share their views on the 'friend or foe' question. They'll also happy to answer other related CTI questions.
Auditorium Borderless Cyber USA / Washington D.C. / 3-5 October 2018 jharnad@oasis-open.orgIt is now becoming widely recognized that a mature threat intelligence program can greatly assist defenders in effectively deploying their precious and limited resources. However, creating and running a mature threat intelligence program is simultaneously often seen as often expensive to run, difficult to properly operationalize, and full of false positives if a lot of time and care is not spent on curation. There is also pushback on how intelligence programs take resources from the "block and tackle" aspects of cybersecurity - ie, when 90% of breaches originate from a simple phish or social engineering, focusing on threat intelligence is a distraction.
How does the industry feel about the role of threat intelligence? This is your opportunity to ask those on the frontlines this important question. Several CTI experts have agreed to join us and share their views on the 'friend or foe' question. They'll also happy to answer other related CTI questions.