My Problem With Threat Intelligence
For the majority of companies, implementing Threat Intelligence is the equivalent of fixing one’s hair while bleeding out from a gunshot wound.
Do you have a fully updated asset management system?
Are you patched?
Do you know what traffic is leaving your network?
Doing all three of those is the white belt of InfoSec. It’s also the brown belt. Threat Intelligence is the black belt, and you’re not ready.
When you can tell me:
what assets you have, internally and externally
what software they’re running
that all these assets are patched
and that you know exactly what traffic leaves your network
…then you’ll be a strong beginner. Then we can talk about level 2, or blue belt, or whatever metaphor we’re using. But most companies are nowhere near that.
Stand. Walk. Run. In that order.
If you don’t have a list of everything you need to protect, and you’re over a year behind on patches, you’re bleeding out, man.
Fix your hair later.
Jeremiah Grossman adds to the analogy by saying that instead of learning how to jits, many companies opt to purchase Affliction shirts.