The Term "Threat Intelligence" is Poisoned. It Does Not Mean What You Think it Means.

I’m guessing the creators of the movie The Princess Bride had no idea that Inigo Montoya’s quote, “You keep using that word. I do not think it means what you think it means.”, would be widely quoted for years to come. It captures a disconnect that I believe is at the heart of many human interactions: the assumptions we all bring to discussions can prevent us from truly listening and understanding. These preconceived notions can be so ingrained that we don’t even realize the impact they have on our ability to engage in meaningful discussions.


One example of this from the cybersecurity world is when people talk about threat intelligence. It’s a loaded term, even poisoned. I know this is an extreme word and position, but hear me out. People have preconceived notions of what threat intelligence is, so they make assumptions in conversations, and those assumptions are rarely thought about, much less discussed. For the sake of improving security operations, this is a subject we cannot avoid. We need to open our minds and explore these underlying assumptions.


So, let’s start with Gartner’s definition of threat intelligence and go from there:



“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”



However, many equate this definition with external sources of threat data only. The assumption, and the filter, is that threat intelligence equals external threat data. But what about internal data – the telemetry, content and data created by each layer in our security ..
