Articles from January 16-22
Dive into this past week’s security news:
4 essentials to creating a world-class threat intelligence program
Michael Kassner | TechRepublic | Jan. 22, 2016
Businesses, large and small, are changing tactics when it comes to information security. Rather than spend hard-earned cash attempting to cover every base defensively, company officials are developing information security postures based on the outcome of risk assessments. The purpose of risk assessment, according to the 2012 Guide for Conducting Risk Assessments, is to inform decision makers and support their responses by identifying relevant threats to organizations, vulnerabilities both internal and external, likelihood that harm will occur, and impact to organizations resulting from a successful attack. Any successful threat intelligence program requires an operational and strategic component, involving expert analysis of how current and future threats will affect the business and its assets.
Got threat intelligence data? The value will vary
Fahmida Rashid | InfoWorld | Jan. 21, 2016
Former analyst Rick Holland speaks with Fahmida Rashid about the future of threat intelligence and his new role at threat intel provider Digital Shadows. Organizations are critical of threat intelligence because they don’t see how the indicators they receive are relevant to their organizations. The feeds contain details that aren’t for their geographic location, don’t match their industry, and don’t fit their threat models. They are “more indicators of exhaustion that overwhelm users,” Holland said. “The first piece of threat intelligence is getting the funnel to give better data, to enrich what you are getting,” Holland said. The second is figuring out how to use the information being provided — which is where APIs come in.
Deloitte 2016 Trends Study Finds Analytics Essential for IT Success
Chris Preimesberger | eWEEK | Jan. 22, 2016
eWEEK editor Chris Preimesberger reports on the third annual Deloitte Trends Study, which identifies several trends. The first trend involves security: Enterprises are no longer satisfied with simply “locking the doors” where cyber-security is concerned and are instead going on the offensive by employing more predictive approaches to threat intelligence and monitoring. This, along with other trends detailed in the 2016 report, is driving significant changes in the types of investments the C-suite is making to support business priorities.
FireEye to grow intelligence capabilities with iSight Partners deal
Jeremy Kirk | CSO | Jan. 21, 2016
FireEye has acquired Texas-based iSight Partners for $200 million, a deal that executives say will give FireEye stronger intelligence on cybercriminal and hacking groups before they strike. Intelligence capabilities made iSight attractive, said Travis Reese, president of FireEye’s Mandiant subsidiary. While FireEye and Mandiant study how attacks affect victims, iSight collects intelligence about the attackers.