2. Threat Intelligence
Threat intelligence goes far beyond patch and vulnerability management, Thompson said. Real threat intelligence is a capability that ties human analysts to metadata about attacker profiles, attack signatures, the timing of the attack, Internet advanced warning indicators, and information about the target. It answers such questions as: What kind of data is on the host? What is it connected to? What is its current posture? What could potentially be exploited? What are the recent attack patterns, and where did they originate? Armed with this intelligence, a SOC can provide predictive analysis and early warning, mitigate threats before or during the attack with the utmost efficiency, and round out that work with effective executive communication.