The importance of intelligence in security operation centers – Part 2
This is the second part of this article; if you wish to read the first part, please click here.
Modern cyber intelligence tools have many different capabilities. They are based on big data analysis, a variety of relevant sources and a combination of comprehensive capabilities.
Here is a list that summarizes the important ones:
What organizations need to know when picking a cyber intelligence technology:
- Information that is tailored to the company's digital assets – specific information on the company's assets.
- Real-time, live online data flow.
- Easy configuration.
- Layers of analyst support.
- Remediation tools and capabilities – for example, the ability to approach Facebook to have fake sites taken down.
- Built-in IOCs (indicators of compromise) and live online data flow.
- The ability to easily integrate the system's outputs with the organization's SIEM.
The organization's ability to create value by using cyber intelligence is based on different variables like:
- Organization asset understanding – understanding which of the organization’s assets need protection. In many cases, when you ask people in different roles in the organization "what are the assets that you need to protect", you will get a variety of different answers.
- System configuration – after understanding your organization’s assets, you need to understand how to configure your system to get the optimal data.
- Intelligence data source – there are many data sources out there, and most of them are not specifically relevant to your organization, industry or country. Therefore, dealing with the amount of data and picking the relevant sources is crucial.
- Data analysis – how to connect the dots and create a coherent picture of the threat.
- The process of mitigating and treating the threats that are found – for example, if your domain is “myname-good.com” and you find that someone has registered the very similar “myneme-good.com”, you need to approach the organization that registered it and ask them to look into it. If that process exists, it can take many resources from your team.
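The look-alike domain case in the last item can be screened automatically before an analyst spends time on it. The following is an added example, not part of the original article: it goes beyond the single-letter substitution in the text to also catch transposed letters, dropped hyphens, other TLDs and look-alike character sequences. The feed, the confusables table, the distance threshold of 2 and all function names are assumptions made for illustration.

```python
PROTECTED = "myname-good.com"  # the article's example domain

# Constructed sample of a newly-registered-domains feed (not real data).
SAMPLE_FEED = [
    "myneme-good.com",   # substituted letter (the article's example)
    "mynamegood.com",    # hyphen dropped
    "mynmae-good.com",   # transposed letters
    "myname-good.net",   # same name, other TLD
    "rnyname-good.com",  # "rn" imitating "m"
    "example.org",       # unrelated
    "myname-good.com",   # the protected domain itself
]

CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}  # assumed, minimal table

def normalize(label):
    """Drop hyphens and fold look-alike sequences to the character they imitate."""
    label = label.lower().replace("-", "")
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def find_lookalikes(protected, feed, max_distance=2):
    """Return (domain, distance) for feed entries imitating the protected name."""
    p_label, _, p_tld = protected.lower().partition(".")
    hits = []
    for domain in feed:
        label, _, tld = domain.lower().partition(".")
        if (label, tld) == (p_label, p_tld):
            continue  # exact match is our own domain, not a look-alike
        dist = osa_distance(normalize(p_label), normalize(label))
        if dist <= max_distance:
            hits.append((domain, dist))
    return sorted(hits, key=lambda h: (h[1], h[0]))

if __name__ == "__main__":
    print(find_lookalikes(PROTECTED, SAMPLE_FEED))
```

A distance of 0 means the name is identical after normalization (a different TLD, a dropped hyphen or a confusable sequence), which is usually the highest-priority hit to hand to the takedown process.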
Creative Service Director
7 years ago
How much does threat intelligence cost annually for, say, Recorded Future or other similar services? Is there a cost-effective intelligence gathering service for mid-sized organizations? What should smaller organizations budget for these solutions?