Abstract

Connecting the dots is a symbolic way of stating that we want to discuss all the topics within the preceding chapters by interweaving other related topics to show the value threat forecasting has for your organization. This chapter is broken into five main sections ranging from the comparing and contrasting of historical threat reporting and threat forecasting, to real-world examples where threat forecasting played a role or could have played a role in some of the major data breaches in recent times.

The first section discusses historical threat reporting and its relationship to threat forecasting. When discussing this topic with colleagues in the information security industry, there was an automatic assumption that we no longer believe this is of any value. The opposite is in fact true. Historical threat reporting provides great value to organizations around the world, and these types of reports are available from sources ranging from security product vendors to security intelligence companies. There are several pitfalls associated with historical threat reports; however, these are overcome when applying threat forecasting within your organization.

The next section dives into the state of the security industry by discussing the types of threats security products deal with as well as analyzing data from a third-party, independent security testing lab. The threats security products need to deal with can be broken into three types: threats completely known to the security product, threats detected partially by the security product, and threats completely unknown to the security product. The final type is where security products are the weakest, and this is where threat intelligence combined with threat forecasting can help address the gaps in your security coverage, thus limiting exposure to your threat landscape. These unknown threats are best highlighted by the data within the study carried out by the cited independent testing lab, as it shows, historically, that security products have had security efficacy issues.

Finally, we will outline how you can begin to apply threat forecasting techniques within your organization. We will give you a three-phased approach to entering threat forecasting to help lower the barrier to entry and make this new technique more accessible. Phase 1 focuses on research into threat intelligence feeds and improvements in your organization’s existing security practices. Phase 2 introduces the creation of knowledge elements and helps you to begin threat modeling (and thus begin threat forecasting) using your data and, eventually, data from at least one threat intelligence feed. In the third and final phase you jump in with both feet and begin contributing to the threat intelligence community. Knowledge is power, and by sharing knowledge elements you are enabling the global threat intelligence community through more actionable intelligence, as they are enabling your organization via your subscription to the feeds you are accessing. Successful implementation of threat forecasting techniques, powered by big data, will give you the data you need to better understand your organization’s threat landscape and give you actionable intelligence so that your organization can help prevent the next major data breach.

This chapter is a call to action to begin applying the techniques within this book to improve your organization’s security practices and procedures and begin threat forecasting.
