Buzz words always annoy me, both their use and the lack of thought that people put into them. To me, “threat intel” has always been one of those things. “You need to integrate a threat intelligence platform into your risk mitigation plan.” ← actual words that were said to me once. That’s sounds like just meaningless wharglbhargl.
But someone recommended this book, entitled Effective Threat Intelligence by James Dietle, and it was on sale on Amazon and I thought “what the heck.” Turns out, it is a good read. A nice primer.
If I had to sum the book up it would be this: you’re already doing threat intelligence. Reading your twitter feed, blogs, news sites, or even the curated lists and products provided by vendors. Everyone is doing this to some degree. There are two main concerns when thinking about threat intelligence: is what you are doing effective and is it customized to your specific environment?
Beyond the hype, the idea of threat intelligence is pretty integral to the security of a given environment. Analysts are always harping on the necessity of knowing your environment, that means understanding what are the threats and what are not the threats. Both of these data points can be useful. Once the possible threats are understood to some degree that is when it is possible to customize the threat intelligence you are already getting to the environment.
All of this is obvious, and yet not being done in many cases. Vulnerability management is done by severity rather than risk management with a proper threat analysis backing that up. Did you patch all the purples? Maybe the reds? Then you won. But if you are doing your “threat intelligence” well, you know that isn’t the truth. The news and twitters and <insert source> are full of examples of organizations failing to properly analyze their environments and, even in a relatively robust VM program, paying for it.
The book is only a primer, it doesn’t get deep on any particular topic. I do like that it addresses team dynamics and incident response to some degree, and that it looks at the human factor behind a lot of the issues.It is a short book, but a good jumping off point to many more specific books on the subject and I really like that. There are a thousand different ways a person could go after reading this book and then wanting to know more.
I’m glad I read that, but now school has started and I’m starting a new job so no more luxury reading for me. 3 classes to go then I am done with college. My big data/systems engineering course seems like a mountain of information. And my other course is… incident response/threat intelligence! Still working on the lab and coding and side projects, as always, but that work is going to slow way down with the school load creeping in.
Also, I’m volunteering for B-Sides DC and coming up with new ideas for talks at NOVAHackers. I plan on giving a talk there in October, depending on if my idea pans out and is interesting. I’ve had a dozen ideas but the one I think I am going with is breaking down Hackerboxes, seeing if I can work through them with my daughter and if they are a good value compared to buying the parts separately at Amazon or Microcenter or something. We shall see. Also at B-Sides DC, a full day class on Bro. I hope to have some time to spend on that beforehand so I can really get the most of the class when I go.
So much going on, it is hard to keep my goals in mind. It’s a challenge to be sure.