Threat Intelligence Feeds: The Good, the Bad and the Ugly


Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Tuesday, September 28, 2021

Threat intelligence feeds can offer valuable insight for security teams, but you need to be sure you can separate useful information from the noise.

Article 4 Minutes
Threat Intelligence Feeds: The Good, the Bad and the Ugly
  • Home
  • IT
  • Security
  • Threat Intelligence Feeds: The Good, the Bad and the Ugly

Keeping up-to-date with the latest cybersecurity threats is vital for all businesses in today's environment. With hacking groups becoming more professional and sophisticated, criminals are constantly looking for new ways to bypass defenses, so it's vital IT pros are also aware of any new tactics being used.

However, many businesses don't take full advantage of the resources available to help protect them from emerging threats. For instance, research by PwC revealed only around half of chief information officers and chief security officers (51%) monitor and analyze threat intelligence.

This is despite the fact that, when applied properly, threat intelligence feeds can provide vital insight into what your security team needs to be doing.

However, such measures aren't a silver bullet. With such a wide range of data out there, it can be hard to separate the signal from the noise. So how can you benefit from threat intelligence feeds, and what potential pitfalls do you need to be aware of before adding them to your cyber security strategy?

Why you should use threat intelligence feeds

According to IBM, in 2019, it took the average business 207 days just to identify that they had suffered a data breach - and then a further 73 days on top of this to contain it. As a result, the average data breach incident costs firms $3.86 million.

One good way to minimize your risk of falling victim to a breach is to use threat intelligence feeds. These offer businesses a stream of up-to-date information on new security risks. They can highlight potential sources of attack and ensure your security team knows what to look for.

A good threat intelligence feed will use data analytics to help users sift through the information and prioritize the biggest risks. Offering actionable intelligence enables security professionals to take the right action to mitigate risks and prevent attacks before they can have an impact.

As a result, you can be better-informed about the threats your firm faces. This will enable you to focus attention on the most pressing issues and ensure you're not spending unnecessary time and effort on areas where risks are low.

The drawbacks to be aware of

However, simply using these feeds alone isn’t enough to protect your business. One potential issue that must be addressed is ensuring the quality of the information you receive. When signing up for any threat intelligence service, it's important to know where the data is coming from and how trustworthy it is.

There are a range of ways in which threat intelligence feeds can be compiled, and it's vital you understand what these are and what it means for the quality of the data. For example, some services use open-source data, which anyone can contribute to. As a result, it often provides large volumes of information, but there are often questions over its reliability and relevance.

Quality of data may be a particular issue if you're using free intelligent feeds. A reliance on publicly-available data may also mean you're not getting the whole picture, whereas paid-for services that can offer private data - often obtained directly from third-party security vendors - can often offer more useful and targeted information.

Even if you can find a trustworthy, relevant threat intelligence solution, this won’t be of use unless you have the internal resources to respond effectively. For instance, do you have people within your organization with the right expertise in data analytics to interpret what they're looking at? And even if they do, do they have the tools and support they need to act on it?

Making the right choice to protect your business

Different feeds will typically provide varying amounts of data. Some will offer largely raw and unprocessed data that your team will then have to interpret. Others provide more structured information that offers more context, but may also require a greater financial investment.

Key questions you need to ask about threat intelligence feeds include:

  • Data sources: Where is the information coming from?
  • Data types: Is it raw or processed?
  • Relevance: How will it apply to your business type or circumstance?

For example, a free-tier open source intelligence feed may provide a list of raw URLs or IP addresses that have been flagged as potential threats. But a more advanced service will identify those that are actively hosting malicious content - this is the difference between simply providing data and offering real-world information.

The next step up from this is intelligence, which is separated from information by offering actionable insight that can be used in your decision-making. This is often where paid intelligence feeds can stand out from alternative options, as they provide more context to the information, allowing businesses to identify their top priorities and take proactive action to protect their networks.

If you're looking to economize on threat intelligence by relying on free services, you need to be aware that this could cost you later on. For example, it may mean you need to devote more resources to interpreting the data. However, make the right choice and you can greatly boost the effectiveness of your security strategy.


Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.


Join the conversation...