
Helping Security Teams Bridge Gaps in Threat Intelligence Efforts

Doug Helton, Chief Strategy Officer, VP of Intelligence

Whether you are just dipping your toes into threat intelligence, formalizing an intelligence program, maturing an existing program, or scratching your head trying to figure out why your intel program isn’t delivering the value you expected, it helps to break down what goes into effectively managing threat intelligence into more manageable pieces. First, solid intelligence management foundations are a must. Once the foundation is in place, a framework for executing on the program strategy is next. This framework consists of tools, data sources, and people, or more specifically, an analyst workbench, intelligence, and intel analysts. Finally, teams can design and deploy processes, workflows, and automation where it makes sense.

In creating our new services team, the Culper Group, we looked at how we could uniquely provide solutions to address each of these framework pillars as well as those foundational program elements as we built out our Threat Intelligence service offerings.

Intelligence Foundations

Regardless of where a security organization sits on an intelligence maturity model, the absolute most important component is developing a sound strategy. At a minimum, discuss and document the following:

  • What and whom intelligence should support 
  • What information gaps and decisions need to be supported
  • Documented threat model 
  • Inventory of current intelligence sources, both external and internal

The above points are probably the most critical – yet least discussed – and one of the single greatest weaknesses of most intelligence programs today. This is conceptually easy, but practical implementation can be complicated. These complications arise from a need to educate key security and business stakeholders on the role and value of threat intelligence; a need to clearly understand the ‘crown jewels’ of intellectual property, customer data, or critical business processes as well as the underlying technologies and systems supporting them; and a need to understand controls and capabilities within security architecture and monitoring systems to identify where vulnerabilities to exploits and specific adversary tactics, techniques, and procedures lie.

Whether seeking to shore up an existing program or start a new one off on the right foot, we can help guide you through the process with our Culper Managed Threat Intelligence offering. Our team can help design, implement, and manage your threat intel program to include identifying and including any additional premium intelligence sources or technologies, such as a Threat Intel Platform, while working within desired outcomes and budget.

Implementation Framework

Return on Investment on an intelligence program is best realized when there is alignment between strategy and the tools, intelligence sources, and people identified to support that strategy. King & Union’s combination of an analyst workbench with fractional data and on-demand analyst surge support offers something I’ve never had as an analyst or intel program manager: flexibility, agility, and options. Teams can now selectively add or remove intelligence data or analyst resources to suit dynamic security operating environments, threats, and capabilities. Here is a quick overview of what we can offer as we partner with our customers to meet those dynamic needs:

  • Avalon Cyber Analysis Platform is the foundation of all of our offerings. It is where analysts perform analysis, collaborate, and deliver intelligence back into workflows, whether that’s a finished intelligence report or a push of indicators to a TIP, SIEM, SOAR, EDR, or other security stack tool with an acronym. Intuitive user interfaces and features such as activity tracking are designed to make it easier to train junior analysts and have them make an impact on operations faster.
  • Roundtable is the tokenized marketplace, expected to be released in the summer of 2020, which will allow rapid identification, procurement, and use of premium intelligence sources on a fractional basis to support investigations and proactive intelligence activities. With the exception of a few organizations, most intel teams have to make hard choices about premium sources on an annual basis. Roundtable extends more options to those teams to leverage non-subscription intel on an as-needed basis and evaluate other sources while supporting real-world investigations.
  • Culper Group service offerings are responsive to practical realities. Analyst expertise is in high demand, with a shortage of experienced analysts. Teams need help. We’ve put together a set of core offerings intended to respond to that need, whether it is short-term and tactical, such as supporting a single investigation or Request for Information, or something more long-term that includes analyst augmentation paired with tailored premium intelligence. There is no one-size-fits-all solution, and our Culper Group analysts will identify the right offering or develop a custom one to meet each customer’s unique needs and challenges.

Part of our mission here at King & Union has always been to help customers address the human aspect of threat intelligence operations. With our new Culper Group Services, we’re excited to help customers bridge common gaps and help solve real problems around threat intelligence that many teams have had to handle on their own for far too long. 

Click here to learn more about our Culper Group services or set up a call with us. Whether it’s tactical analyst expertise on an as-needed basis or building a Managed Threat Intelligence program, our team is here to help navigate intelligence challenges.