# Bland Information Overload or Business-Critical Intelligence?

By [Greg Day](https://www.paloaltonetworks.com/blog/author/greg-day/?ts=markdown "Posts by Greg Day") Nov 03, 2015

Today there is much debate on the role of intelligence in cyber strategies. Like so much in the world of cyber, as the requirements have changed, so have the capabilities being offered. With this in mind, what are the characteristics of modern cyber intelligence?

When the Heartbleed vulnerability was announced last year, like most, I started to search for more information. Within the first 24 hours, there were already hundreds of thousands of articles online, many providing technical insight on the exploit. There was no shortage of information about the vulnerability and how it worked, and I even found a video tutorial on how to leverage the exploit.

At a recent leadership event, I observed a very heated debate on intelligence. In many cases, the points made reinforced that intelligence is primarily a lot of noise with limited value. There is indeed an abundance of technical information on how threats and vulnerabilities work, as well as known bad domains/IPs, and so on. It seems the challenge is that, with so much raw data, how do we ingest it to gain value?

E.O. Wilson, a social biologist, suggested, "We are drowning in information, while starving for wisdom\[1\]", so what is the difference? The FBI defines intelligence as "information that has been analysed and refined so that it is useful to policy makers in making decisions\[2\]".

Depending on which security vendor you follow, it is suggested that there were hundreds of millions of new malware iterations created in 2014. Looking at the CVE list\[3\], the count got to 9751 documented vulnerabilities and exposures identified over 2014. Taking that last number alone, that would be nearly 27 per day, which is too much data to be useful to make security decisions on a daily basis.

When thinking about these numbers, three points stand out as opportunities for intelligence to add value:

1. Ensuring protection against as many of these threats as rapidly as possible.
2. Being able to identify which are the high-risk attacks that are likely to impact your business. From the total volume of attacks, we need to identify the few that we may choose to be incrementally proactive against. These would typically be those attacks that are targeting your industry or geography. By their nature these are the more targeted attacks that have specific, focused goals that can have greater business impact.
3. Reverse analysis: recent public breaches seen in the media highlighted the challenge when indicators of compromise (IOCs) have been found but not acted upon. Being able to look up suspicious IOCs to understand if they correspond with existing campaigns or techniques is a growing requirement for security operations teams. ISACs and industry collaboration groups are springing up around the world to do this at a peer-to-peer level, but are limited by the groups' membership.

From discussions that I've had, there are specific elements required to move information into business-valuable intelligence and to enable decisions to be made and actions to be taken. All of these are interdependent, and if any single one is missing, the value quickly collapses. These are the following:

* **Timely** -- Seemingly obvious, yet the reality is that, as attacks have become more bespoke and their lifespan has shortened, the time to receive actionable, contextual intelligence is critical.
* **Actionable** -- Intelligence is only useful if it includes information on what the recipient should do next (i.e. mitigate the attack). Too much threat information today simply describes the problem, requiring human intervention that makes the intelligence no longer timely.
* **Machine readable** -- Where attacks are constrained by only CPU power and network speed, providing intelligence that requires human inspection is inserting an analogue process into a digital problem. If we cannot directly apply actions at a technology level, without requiring human involvement to proxy the information, we add unsustainable lag into the process. This is critical both in terms of the time to apply preventative controls and in relation to the ability to deal with the capacity of today's cyberattack scope.
* **Low false positives** -- If we are to apply intelligence without human input, we must have high levels of confidence in the information received.
* **Contextual** -- From a risk management perspective, this means being able to identify relevant, current, high-risk threats that require context. Likewise, doing the reverse lookup on indicators requires context to be able to qualify what the attack is and does.

**Summary**

Today's cyber challenge is a numbers game. With the volume of what is happening globally and the volume of security events discovered internally, we are creating a big data challenge that will only expand as we add more IPs and more security capabilities, and the volume of attacks continues to grow. SIEM tools typically help consolidate internal events, but that is only part of the challenge. We also need to add context and consolidate external information.

What is key is that we typically have finite cybersecurity staff and live with the analogue limitation in the digital world. The more we can filter and automate activity (machine to machine), the closer we get to working at the same digital speed as the attack. There is always going to be a requirement for some level of human intervention, but today those humans are typically tied up with tasks that should be automated, so they are completed in a timely manner. Having the right intelligence is an enabler to increase automation and free up cybersecurity staff to focus on the activities they should be focused on.

\[1\] [https://en.wikiquote.org/wiki/E.\_O.\_Wilson](https://en.wikiquote.org/wiki/E._O._Wilson)

\[2\] [https://www.fbi.gov/about-us/intelligence/defined](https://www.fbi.gov/about-us/intelligence/defined)

\[3\] [http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=2014](http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=2014)