When it Comes to Threat Intelligence, a Multi-Vendor Strategy is Needed

No Intelligence Vendor Has 100% Visibility Into What is Happening on the Web


There is no silver bullet for cyber security, so every organization needs to work with a variety of vendors, and that fact has shaped the common practices of how we purchase security solutions. In many cases, there’s a checklist – we need a firewall, an end-point protection solution, a SIEM, a penetration service, a cloud security solution, and many other types of solutions to cover all of our bases. We review the alternatives in the market, compare their offerings and costs, allocate the available budget accordingly and prioritize. Once an item on the checklist is checked, we move on to the other items. After all, we don’t need two firewalls, or two SIEM solutions. However, in threat intelligence, an item that appears on many organizations’ checklists, it may be quite advantageous to have multiple vendors. Here’s why.


The purpose of threat intelligence is to collect data from a variety of sources outside of the organization’s perimeter and generate intelligence on what is happening “out there”, enriching the organization’s security operations. Just as a military would find it difficult to fight without any knowledge of the adversary’s position or movement, a security team is at a major disadvantage without such information. Threat intelligence provides visibility that extends beyond the organization’s perimeter – and this visibility is based on the vendor’s coverage of intelligence sources.


The fact is that no intelligence vendor has 100% visibility into what is happening on the web. As organizations’ visibility is limited to what their threat intelligence vendors cover, by definition they will never have full visibility. In cyber security, where a single incident can be devast ..
