One of the most promising developments I’ve seen in threat intelligence over the last year or so is a greater emphasis on use cases. And it’s easy to see why: A use case-centric threat intelligence strategy, when executed properly, can yield clear and abundant benefits — from better alignment with business objectives, to more efficient resource allocation, to stronger security and reduced risk.
Less promising, however, is what’s often left out of this conservation. Despite ample focus on the fact that use cases are beneficial, there is less discussion of where, how, and which use cases need to be integrated and executed within a threat intelligence operation in order to yield the benefits we keep touting.
And when we don’t pay sufficient attention to these details, it becomes easy to view use cases as a standardized “checkbox” item rather than a strategy that, when tailored appropriately, can help us satisfy the objective(s) of an intelligence operation more efficiently and effectively.
For example, let’s consider a fairly common use case: brand monitoring, which typically entails monitoring various online venues for negative or otherwise notable information related to a company’s brand. This use case is traditionally relegated to brand protection teams, but more organizations are embracing a converged approach that integrates complementary activities and objectives of brand monitoring across brand protection and threat intelligence teams.
Now suppose we have two different threat intelligence practitioners, who we’ll call Jane and John, from two different Fortune 500 banks. Each is involved with brand monitoring , but their approaches to this use case are quite different.
Jane has recently been working alongside the brand protection team to help satisfy the intellige ..
Support the originator by clicking the read the rest link below.
