Improving the Efficiency of Your Threat Intelligence

Defense in Depth

We're increasingly using threat intelligence to move our organizations to a more proactive security posture, making them more resilient against cyberattacks. It takes a combined effort to make the SOC both efficient and effective.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is our sponsored guest Jason Steer, CISO, Recorded Future.

Listen to the full episode here.

We don't need more indicators

Translating generic threat intelligence into meaningful, business-specific action remains a major hurdle for security leaders. “The challenge has ALWAYS been how to correlate ‘general’ threats to your ‘specific’ business AND utilize that to make your team more efficient,” said Larry Whiteside Jr. of Confide. That efficiency, however, only matters if it moves the business forward. Ryan Franklin of Amazon argued that too much threat intelligence lacks impact, noting, “Threat intelligence is a sunk cost unless we use it to drive initiatives that reduce business risk. I don’t need more indicators or more updates on what random APT groups are doing. Instead, I need more white papers on the different ways the business operates that pose the greatest risk to our customers and profitability.”

Creating more work

Let's face it, traditional threat intelligence and security tooling get a lot of skepticism when it comes to business value. “I have never found good business value in Threat Intel programs. What I would like to get out of it is effectively prioritizing vulnerabilities. AI hasn't been able to do it yet,” said Andrew Wilder of Vetcor. Viresh Garg of TechDemocracy echoed the frustration with current tools, arguing that they overwhelm operations without delivering clarity. “Security tools create too much work for operations—too much data, noise, and manual effort to assess severity and response,” he said. “Security AI must evolve from isolated visibility to automated, contextualized response intelligence. We have enough data, let's not focus on getting more data, but rather get the best out of existing data first!”

Generating actionable intelligence

Improving threat intelligence must be rooted in making faster, more informed decisions that drive resilience and response. “From what I’ve seen, automating repetitive tasks and using AI for real-time analysis can drastically improve efficiency,” said Antony Shebanov of SOC Jedi.AI. “The goal should be actionable intel that helps defend and build resilience. It’s about acting quickly, not just identifying a threat.” He noted there's a common disconnect between threat intel and the SOC. It's a gap that AI can help close by sharpening the relevance and timing of information. Tony Gonzalez of Innervision Services LLC expanded on the balance between efficiency and effectiveness, noting that “effectiveness of threat intelligence programs measures how thoroughly threats are identified, prioritized and appropriately mitigated or remediated,” while efficiency is about how seamlessly teams can collect intelligence, assess impact, and act.

Design for what you can do

Threat intelligence gets overcomplicated by focusing on threat actors and motives rather than actionable risks. “For most orgs, threat intelligence should be impersonal. Just highlight the vulnerabilities that are actively being exploited,” said Duane Gran of Converge Technology Solutions Corp. “Few orgs have the target value or sophistication to concern themselves with threat actors or their motives, and if you want to be efficient, focus on what they are breaking, not who they are.” Kristy Westphal of Spirent Communications emphasized the importance of building structure before chasing outcomes. “I think if organizations start with actually designing and supporting a program for threat intelligence, that's half the battle,” she said.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now. 

Huge thanks to our sponsor, Recorded Future

Remote Work Is Shaping New Cybersecurity Careers

At Zero Trust World in Orlando, David Spark spoke with Gerald Auger of Simply Cyber about how the next wave of cybersecurity talent is entering the industry, and what makes this generation different.

Gerald highlighted the growing number of career changers and IT professionals pivoting into cybersecurity, bringing diverse experience and fresh thinking.

He also offered advice for newcomers and explained why being a lifelong learner is the key to breaking in and staying relevant.

Watch the full video here.

Huge thanks to our sponsor, ThreatLocker

LIVE! Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Rusty Waldron, chief business security officer, ADP.

Thanks to our Cyber Security Headlines sponsor, Conveyor

Cyber chatter from around the web...
Jump in on these conversations

“Doing good in the world as a Cybersecurity Professional?” (More here)

“No Warrant, No Problem: How Governments Are Building the Surveillance Super App” (More here)

“Vulnerability management for ISO 27001, how do you keep up?” (More here)

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.