Approximately 2,500 years ago, Sun Tzu, a Chinese general known as a great military strategist, allegedly wrote a book entitled The Art of War. Historians are still debating whether Sun Tzu was the actual author, and there are some who question whether he ever existed. However, over the centuries, various quotes attributed to Sun Tzu have found their way into popular usage. One passage seems especially appropriate when considering the issue of cybersecurity. In condensed form, the passage advises that the key to winning battles is to know both yourself and your enemy. Knowing only yourself will result in one defeat for each victory; knowing neither yourself nor your enemy results in your defeat every time. Unfortunately, many people who are responsible for defending against threats lack thorough knowledge of their enemies as well as their own capabilities. Furthermore, it is quite common to gain a false sense of security from merely gathering intelligence about threats. In reality, threat intelligence alone will not provide you with the protection that you need.
Amassing Threat Intelligence Is Futile Unless You Act Upon It
Suppose the police warn you that a ring of car thieves has been operating in your neighborhood. So far, all of the vehicles taken have been unlocked and parked in the driveway. You might decide to immediately start locking your car and parking it in your garage. The thieves might still manage to steal your car, but you have made it more difficult, thereby reducing your risks. However, if you procrastinate and continue parking your unlocked car in your driveway for a few days, you are increasing your risks. You are also increasing your risks if you grow weary of keeping your car secure and return to your old ways.
Similarly, if you do not act to foil the bad actors after you learn about a threat, the information will be useless to you. The longer it takes you to use the intelligence you have gathered to detect and react to a threat, the greater your risks will be. If you lower your guard for any reason, you are also increasing your risks.
Collecting Too Much Intelligence Can Backfire
When it comes to threat intelligence, quality is more important than quantity. Although it is true that a variety of sources can help ensure that you will have the intelligence that you need, there is no advantage to having 50 sources that consistently deliver identical information. Unfortunately, some security teams become focused on accumulating as much intelligence as possible without regard to the quality of the source. They can become so preoccupied with setting up new data feeds that they neglect other security measures. They may also fail to consider how policies and procedures may need to be updated to make effective use of intelligence. In today’s environment, experienced cybersecurity experts are in short supply, so many companies are sorely understaffed or forced to rely on inexperienced or unqualified staff members for security. Therefore, in some cases, gathering intelligence can be a distraction that can be counterproductive to keeping the system secure.
Using Threat Intelligence Correctly Is More Difficult Than Some People Believe
It is not very difficult to set up data feeds and collect third-party threat intelligence. However, it is far easier to incorporate threat intelligence into detection and response controls than it is to incorporate threat intelligence into static preventative controls. Static controls hinder agility, and agility is critical if you want to optimize protection.
How Abusix Raw Threat Intelligence Can Help
At Abusix, we process more than 12 billion threat indicators daily. We offer the most comprehensive threat data, including spam, malware, and URL threat intelligence. Contact us today to learn more about our products and solutions.