My Problem With Threat Intelligence

August 14, 2015

For the majority of companies, implementing Threat Intelligence is the equivalent of fixing one’s hair while bleeding out from a gunshot wound.

  • Do you have a fully updated asset management system?

  • Are you patched?

  • Do you know what traffic is leaving your network?

Doing all three of those is the white belt of InfoSec. It’s also the brown belt. Threat Intelligence is the Black Belt, and you’re not ready.

When you can tell me:

  1. what assets you have, internally and externally

  2. what software they’re running

  3. that all these assets are patched

  4. and that you know exactly what traffic leaves your network

…then you’ll be a strong beginner. Then we can talk about level 2, or blue belt, or whatever metaphor we’re using. But most companies are nowhere near that.

Stand. Walk. Run. In that order.

If you don’t have a list of everything you need to protect, and you’re over a year behind on patches, you’re bleeding out, man.

Fix your hair later.

Notes

  1. Jeremiah Grossman adds to the analogy by saying that instead of learning how to jits, many companies opt to purchase Affliction shirts.
