SANS ISC: InfoSec Handlers Diary Blog



Lean Threat Intelligence

Published: 2016-05-02
Last Updated: 2016-05-02 17:26:39 UTC
by Rick Wanner (Version: 1)
1 comment(s)

Zach Allen over at Fastly has published a couple of posts on Lean Threat Intelligence.  

Part 1 describes a methodology for Threat Intelligence planning and design that can be reused virtually anywhere.  It focuses on the problem to be solved, not the technology to solve it.

I love how this post boils Threat Intelligence down to a business problem to be solved, not a technology to be deployed. Too often we deploy expensive and costly-to-manage technology products without understanding the specific problem that is to be solved; then the product winds up underutilized or is unsuitable. As a security industry we need to spend more effort on the problem to be solved, considering the impact on people and processes, before evaluating a technology product. A lot of times an expensive technology is not necessary to solve the problem.

Part 2 is more technical.  It gets into the implementation of a Threat Intelligence system using only open source products.

Definitely a good read if you are interested in deploying Threat Intelligence on the cheap.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
