10 Vital Features You Need In A Threat Intelligence Platform
From visibility into dark web data and managing third-party and infrastructure risk to shifting intelligence onto the device itself, here’s where threat intelligence companies should be making investments.
Shift Intelligence From SOC Onto The Device
No security operations team can possibly track the more than 6 billion devices connected to the internet, so decisions can be made faster if intelligence is pushed beyond the SOC and onto firewalls and mobile devices, said Petko Stoyanov, Forcepoint’s global chief technology officer. Shifting intelligence onto the device greatly reduces the time needed to detect and block threats, he said.
Ingesting more intelligence and pushing data back onto the device also results in threats being blocked before they even arrive, according to Stoyanov. Sandboxing, real-time classification and manual validation of website content enhance the efficacy of threat intelligence feeds while giving vendors greater control over their data, Stoyanov said.
Technology is typically designed to create more logs and alerts, forcing organizations to redouble their efforts to get away from the noise and make actionable intelligence decisions, Stoyanov said. Validating data and putting it into a known good structure such as Microsoft Word or PowerPoint makes it harder for ransomware to hide in customer data, according to Stoyanov.