Today, all organisations face threats from targeted, sophisticated attacks by well resourced and motivated criminals who are looking to conduct industrial espionage for the purpose of stealing trade secrets or intellectual property, to disrupt operations or cause damage to vital infrastructure. The exploits that they use are much harder to defend against than those of yesteryear and many are specifically designed to defeat traditional, reactive security controls that are only useful in guarding against known threats.
In the light of factors such as these, a new approach to security is needed-one that takes an integrated, systemic approach to security as part of an organisation's overall risk management efforts. This needs to be driven by intelligence garnered from data sources throughout the organisation, combined with that from external sources. The ability to harness actionable data from such sources will allow organisations to better predict, uncover and defend against attacks using exploits not previously seen. In this way, they can reduce the overall risks that they face and the overall security of their operations will be boosted.
However, organisations are generating huge and ever-growing volumes of information from their networks, including that related to security, and the ability to collect, analyse and correlate vast volumes of data from disparate sources in various formats poses a real challenge that requires the use of specialised tools.
This document discusses the need for an intelligence-driven security approach and aims to provide pointers for security executives regarding what the components of a security intelligence programme should be and other considerations to bear in mind during the selection or upgrade process.