Threat intelligence sharing among vendor and industry peers has come a long way, and in 2017 there will be more opportunities than ever to demonstrate its value; especially as conversations around sharing intelligence between the public and private sectors continues.
Security vendors and white hat researchers continuously seek new indicators of compromise. Once found, they convert them into prevention and detection controls and deploy them as quickly as possible. This is called actionable intelligence. The problem for the past decade is that most network defenders take days, weeks or even months to cross this last mile—if they do it at all.
What is needed is an automatic way to make the journey. Instead of analysts reading intelligence reports, deciding that the intelligence is pertinent to their environment, crafting prevention and detection controls for their deployed systems, and then deploying those controls, network defenders will, in the future, rely on automated systems which do that for them.
Read more predictions on The Cipher Brief.