Leveraging SATs in Threat Intelligence.

The hype about threat intelligence has subsided. Security professionals are now looking to roll up their sleeves and dig into ways to turn data and information into intelligence. More than ever, organizations are looking to operationalize threat intelligence efficiently. As enterprises produce troves of data, they must interpret and leverage it to get a better glimpse into the risk landscape and take steps to protect the business.

Now, there’s a broader range of options that organizations can use, from integrations through threat intel platforms to orchestration platforms. But for teams that are producing their own intelligence, there’s a trend that’s picking up that’s allowing them successfully operationalize their information: structured analytic techniques (SAT). It’s essentially adding analytical rigor to your analysis by levering tools that minimize bias, such as confirmation bias, anchoring, and mirror imaging, says Rick Holland, Vice President of Strategy at Digital Shadows.

“[SATs] are designed [so that analysis is more transparent],” Holland told InfoSec Insider in a recent interview. “They’re starting to make their way into more mature organizations. Not necessarily the top one percent, but it’s maybe the top ten percent of organizations that are using these types of techniques.” 

In the video interview below, Holland discusses the ins and outs of structured analytic techniques, how security professionals can leverage them, and why and how smaller organizations can benefit from this approach.

 


For a deeper dive and hands-on look at threat intelligence, check out the InfoSec World pre-conference workshop on "Scalable Threat Intelligence Design."