Don’t Search for a Needle in a Haystack — SecurityWeek

A new article by Stan Engelbrecht, Director of D3’s Cyber Security Practice, is currently featured on SecurityWeek. The importance of threat intelligence to security operations is growing, as SOAR platforms and other tools get better and better at rapidly aggregating complex data from myriad sources. Having good contextual information about a security incident completely transforms the incident response process, making analysts smarter, faster, and more conclusive in their actions. In his new article for SecurityWeek, Stan talks about four use cases for threat intelligence that are especially relevant to incident response, and the drivers behind the current and future growth in the threat intelligence market.

In this excerpt, Stan describes how incident responders can use threat intelligence for automated threat enrichment:

Incident response and SOAR platforms can interface with threat intelligence platforms to enrich event alerts from a variety of tools—including SIEM—with contextual data that helps eliminate false positives, and identify and convict real incidents. In automated platforms, potential threat indicators from a SIEM alert are automatically looked up in integrated threat intelligence platforms, giving analysts a full picture of the threat by the time they open the incident report.

Threat intelligence lookups can also be done as a proactive step during an investigation. Analysts can manually conduct queries about entities while evaluating an incident. For example, an IP address from a historical incident could be checked against a threat intelligence database and blacklisted if it is known to be malicious.
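The automated enrichment step described above, as an added illustration rather than code from D3 or the SecurityWeek article: indicators are extracted from a constructed SIEM alert, looked up in a constructed local feed (a stand-in for an integrated threat intelligence platform), and the alert is given a disposition before an analyst opens it. Internal addresses are skipped so they do not generate noise lookups; the feed contents, alert text and disposition labels are all assumptions.

```python
import ipaddress
import re

# Constructed sample threat-intelligence feed (indicator -> context); not a real source.
TI_FEED = {
    "198.51.100.23": {"verdict": "malicious", "tags": ["c2"], "confidence": 90},
    "example-bad.test": {"verdict": "malicious", "tags": ["phishing"], "confidence": 75},
    "203.0.113.7": {"verdict": "benign", "tags": ["cdn"], "confidence": 95},
}
# Constructed sample SIEM alert text, as a SOAR platform might receive it.
SAMPLE_ALERT = ("Outbound connection from 10.0.0.5 to 198.51.100.23:443; DNS query for "
                "example-bad.test; dropped file e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
}
# Internal ranges that are noise for external TI lookups (RFC 1918 plus loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def extract_iocs(text: str) -> set:
    """Heuristically pull candidate indicators out of raw alert text, skipping internal IPs."""
    found = set()
    for kind, pattern in IOC_PATTERNS.items():
        for match in pattern.findall(text):
            if kind == "ipv4":
                try:
                    if any(ipaddress.ip_address(match) in net for net in INTERNAL_NETS):
                        continue
                except ValueError:
                    continue  # a regex hit such as 999.1.1.1 is not a real address
            found.add(match.lower())
    return found

def enrich_alert(alert_id: str, raw_text: str, feed=TI_FEED) -> dict:
    """Look each indicator up in the feed and attach a disposition before the analyst opens it."""
    indicators = {ioc: feed.get(ioc, {"verdict": "unknown"}) for ioc in extract_iocs(raw_text)}
    verdicts = {ctx["verdict"] for ctx in indicators.values()}
    if "malicious" in verdicts:
        disposition = "escalate"          # at least one known-bad indicator: analyst looks first
    elif verdicts == {"benign"}:
        disposition = "likely_false_positive"
    else:
        disposition = "needs_review"      # nothing matched, or only unknowns: no automatic verdict
    return {"alert_id": alert_id, "indicators": indicators, "disposition": disposition}

if __name__ == "__main__":
    print(enrich_alert("A-1", SAMPLE_ALERT))
```

The same lookup path serves the manual case in the excerpt: an analyst can call `enrich_alert` on the text of a historical incident to see which entities the feed already knows.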

This article can be found in its entirety on SecurityWeek.

Walker Banerd

Walker is the Communications Manager at D3. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.

Deep-Dive SOAR Demo

Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.