SANS ISC: Lean Threat Intelligence SANS ISC InfoSec Forums

Lean Threat Intelligence

Zach Allen over at Fastly has published a couple of posts on Lean Threat Intelligence.  

Part 1 describes a methodology for Threat Intelligence planning and design that can be reused virtually anywhere.  It focuses on the problem to be solved, not the technology to solve it.

I love how this post boils Threat Intelligence down to a business problem to be solved, not a technology to be deployed. Too often we deploy expensive, costly-to-manage technology products without understanding the specific problem that is to be solved, and then the product winds up underutilized or is unsuitable. As a security industry we need to spend more effort on the problem to be solved, considering the impact on people and processes, before evaluating a technology product. A lot of times an expensive technology is not necessary to solve the problem.

Part 2 is more technical.  It gets into the implementation of a Threat Intelligence system using only open source products.

Definitely a good read if you are interested in deploying Threat Intelligence on the cheap.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Very nice article. The Lean Threat Intelligence is something that is getting more and more. Also the Lean Start Up.
Anonymous