
Maximizing Threat Intelligence for Proactive Security

Standardization, Contextualization, and Collaboration

David Rushton, PlexTrac sales engineer, has talked to many, many security professionals and leaders in both the MSSP and enterprise spaces about how they use threat intelligence and dark web monitoring to inform their security strategy. In a recent webinar, he distilled his insights on how to maximize intelligence to provide better, more actionable offensive security data and move the needle on security posture. 

Watch the full webinar or read on for the highlights. 

The dark web and threat intel quagmire

The market today offers many great sources of threat intelligence and tools for dark web monitoring, from open source to services and products at every price point. Despite this, most organizations are not making the most of the available threat intel data because they lack the processes to turn the information they collect into a difference in their environment.

Most organizations today are just not standardizing the processes for validating and tracking the intelligence, which leaves them with a massive amount of risk.

David said, “I’ve talked to many CISOs — many organizations — and one of the first questions I always ask them is, ‘Are you using intelligence and dark web?’ And they always respond, ‘Yes, of course we are.’ And I ask, ‘Great. How?’”

The response to this question tends to correlate with the maturity of the security program. Those of lesser maturity struggle to answer concretely, in part because the amount of time and money put into threat intelligence does not determine how valuable it is for your program. The processes you’ve put into place and the organizational context you apply determine how well you use data from threat intel to improve your security posture. 

Most organizations engage in some form of dark web and threat intelligence collection. Unfortunately, they face challenges in actioning it efficiently. Many lack a clear understanding of what they actually want to look for. They get overloaded by the sheer volume of dark web and threat intelligence data available. And they have not defined priorities based on what’s most important in their organizational context. For many companies, all of these challenges result in missed threats, wasted resources, and inadequate protection.

The solution is defining processes around threat intelligence to involve standardization, contextualization, and collaboration. 

Elevating threat intelligence through standardization

The first step in maximizing threat intel is having a plan. You need to determine what’s important to you: What do you actually want to collect? Why do you want to collect it? Making these decisions will help you allocate resources to the right area and enable efficient processing.

Next, you need to establish standardized processes for validating, tracking, categorizing, and assessing the different types of intelligence that matter to you most. Just having threat intel is not enough. You must standardize how you process it so you can start identifying trends, anticipating vulnerabilities, and measuring improvement. 

“It is very easy today, in the market and with the tools that we have access to, to go and buy something and think that we’ve increased our maturity through that. But you need to understand that the process behind it is sometimes more important,” David said. “Once organizations have that sorted, then they can go and buy the tools or increase their sources and apply it to different areas because now they’ve created a standardized way that they can do it.” 

Elevating threat intelligence through contextualization

Next, you need to understand how the intelligence data relates to your specific organization’s context, environment, and attack surface. What are the efforts that you’re going to apply to the specific threat landscape that you’re looking to cover? What are the vulnerabilities that you’re most worried about? How are they prioritized? 

David said, “You need to understand how you’re going to respond based on the potential impact to your operational assets. For example, if you know continuity is really high on a certain web application or certain asset, then you are going to respond very differently if you find a potential threat through your threat intelligence or dark web feed against that particular asset.” 

Applying organizational context to your threat intel is also valuable for communicating to stakeholders more effectively. You can demonstrate to your stakeholders — clients, the board, leadership, managers, etc. — what you are working on and why. You can track and measure progress on the highest priority data for your company. 

Elevating threat intelligence through collaboration

Finally, keep in mind that using threat and dark web intelligence is a team issue. The data from these sources impact everything across all of your silos — from vulnerability management to the SOC to incident response to system administration to your engineers. So it’s imperative to consider how you are collaborating on the threat intelligence you are collecting. Collaboration and communication around the implications of threat intelligence are key to increasing proactive security.

“So not only are the processes something you need to think about, but you also need to think about how your teams are collaborating and coordinating your response. Because a lot of these threats are quite complex. They are quite sophisticated. You also need to document this communication as you go through it — that is the final thing that I really think is absolutely essential with organizations and the market today.” 

How PlexTrac can help

PlexTrac is the market-leading offensive security management and reporting platform. PlexTrac lets you manage all data sources, including threat and dark web intelligence, to enable:

  • Standardizing findings
  • Efficient tracking and reporting
  • Contextual scoring and prioritization
  • Enhanced collaboration

To gain the most benefit from your efforts and resources invested in valuable threat intelligence data, you need a place to manage your processes. PlexTrac supports data aggregation, collaboration, and tracking through the full security life cycle so organizations can achieve a continuous assessment and validation strategy.

When it comes to building threat intelligence and dark web monitoring into your offensive security program, process management may not be the most exciting aspect to consider. But baking in standard workflows based on your organizational context and tracking and documenting efforts across teams is vital to achieving results.

Request a personalized demo of the platform to see how PlexTrac can help.
