Threat intelligence sharing among vendor and industry peers has come a long way, and in 2017 there will be more opportunities than ever to demonstrate its value; especially as conversations around sharing intelligence between the public and private sectors continues.
Crossing the Last Mile With Threat Intelligence
Security vendors and white hat researchers continuously seek new indicators of vulnerability. Once found, they convert them into prevention and detection controls and deploy them as quickly as possible. This is called actionable intelligence. The problem for the past decade is that most network defenders take days, weeks or even months to finish the last mile—if they do it at all.
What is needed is an automatic way to make the journey. Instead of analysts reading intelligence reports, deciding that the intelligence is pertinent to their environment, crafting prevention and detection controls for their deployed systems, and then deploying those controls, network defenders will, in the future, rely on automated systems which do that for them. They will have to trust that the automation will not take the network down.
Read more predictions on The Cipher Brief.
[Palo Alto Networks Research Center]