4 tips for getting the most from threat intelligence

May 30, 2019, 4 mins

It’s easy to gather data on potential threats, but you have to know what to do with that intelligence if you want to improve your security stance.


There’s no doubt that threat intelligence is critical for any company trying to build a winning security strategy, but threat intelligence alone won’t provide much value. In addition to knowing about potential vulnerabilities or new emerging threats, you also need the expertise to manage the flow of information, and the means to act upon it.

If you really want to improve your security posture and make threat intelligence work for you, then there are several factors you must consider.

Here are 4 tips for making sure that the data you collect can be used to protect your company. 

1. Know your risk tolerance and set your priorities

Vendors will happily sell you all manner of software tools that gather useful threat intelligence. But before you shop for tools, it’s crucial to take the time to consider what kind of risk tolerance you have.

It’s simply not possible to prevent every potential threat, so when you think about information security, you need to work out precisely what data is most important to you. With limited resources and overloaded staff, proper prioritization is the only way to make workflows manageable and ensure that the real lifeblood of your company is safeguarded.

Some businesses may prize reputation over everything, others will want to guard specific data sets, and some may be focused on keeping those sales flowing. Decision makers throughout the company should put their heads together and figure out what really matters. What would be the most damaging thing that could happen to the company? Are there threats that could be considered acceptable?

With finite resources, the importance of this step can hardly be overstated.

2. Understand your environment

Before you can prioritize effectively, you need a complete picture of your current situation. Perform a comprehensive asset inventory. Hunt out those unmanaged devices and eliminate your IoT blind spot. If you’re going to make use of incoming threat intelligence, then you must understand immediately when and where different threats apply to your company.

What do threats mean in context? If you get new intelligence on a potential threat that exploits a particular version of an application on certain devices, some specific printer driver, or maybe a way to access a smart thermostat, then you need to know immediately whether that’s something that applies to you. Does it have the potential to impact your environment? And even if it does, what does that mean with regard to your true priorities?
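One way to answer "does this apply to us?" mechanically, as an added example that is not from the original article: a constructed inventory and advisory are matched so that affected assets come back ordered by business priority, and devices with no recorded version are surfaced separately. All product names, hosts, versions and criticality tiers are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    host: str
    product: str
    version: str       # "" when never collected (unmanaged device)
    criticality: int   # 1 = most important to the business ... 3 = least

@dataclass
class Advisory:
    product: str
    first_affected: str  # inclusive lower bound
    fixed_in: str        # exclusive upper bound

def vtuple(v):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically.
    Plain string comparison would rank '2.4.10' below '2.4.2'."""
    return tuple(int(p) for p in v.split("."))

def triage(advisory, inventory):
    """Return (affected hosts, most critical first; hosts with unknown version)."""
    lo, hi = vtuple(advisory.first_affected), vtuple(advisory.fixed_in)
    affected, unknown = [], []
    for a in inventory:
        if a.product.lower() != advisory.product.lower():
            continue                      # advisory is not about this product
        if not a.version:
            unknown.append(a.host)        # blind spot: cannot rule it in or out
        elif lo <= vtuple(a.version) < hi:
            affected.append(a)
    affected.sort(key=lambda a: (a.criticality, a.host))
    return [a.host for a in affected], unknown

# Constructed sample data (hypothetical products and hosts).
INVENTORY = [
    Asset("hr-print-01", "ExamplePrint Driver", "2.4.10", 3),
    Asset("fin-print-02", "ExamplePrint Driver", "2.4.2", 1),
    Asset("lab-print-07", "ExamplePrint Driver", "2.5.0", 2),
    Asset("lobby-print-09", "ExamplePrint Driver", "", 2),
    Asset("hvac-thermo-03", "ExampleThermo Firmware", "1.0.3", 3),
]
ADVISORY = Advisory("ExamplePrint Driver", "2.4.2", "2.5.0")

if __name__ == "__main__":
    hosts, unknown = triage(ADVISORY, INVENTORY)
    print("patch in this order:", hosts)
    print("version unknown, investigate:", unknown)
```

The unknown-version list is the inventory gap made visible: those hosts can be neither cleared nor prioritized until someone collects the missing data.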

3. Employ automation but not in isolation

There’s been enormous buzz generated about automation in security, and with good reason. It’s vital to automate security processes and have tools act on threat intelligence autonomously where appropriate. Automation can free up your limited talent pool to focus their efforts where they can have the greatest impact. It can also alleviate tedious, boring tasks to a certain degree, but automation is not a substitute for people and expertise.

The potential of machine learning to shore up your cyber defenses is huge, but many vendors are overpromising and exaggerating the current capabilities. Only by combining human and machine will you get the best results right now. Man + Machine is the winning combination.

4. Hire (and train) skilled people

With an understanding of your priorities and environment, and the right tools in place and functioning, you still need a qualified expert at the reins. It’s no secret that finding security talent is very challenging in the current landscape, so consider training and promoting internally where you can, and look to consultants and outsourcing when that’s not possible. Feed your honed threat intelligence to the right person and you can laser focus your defense efforts where they’ll make the most difference.


Michelle Drolet is a seasoned security expert with 26 years of experience providing organizations with IT security technology services. Prior to founding Towerwall (formerly Conqwest) in 1993, she founded CDG Technologies, growing the IT consulting business from two to 17 employees in its first year. She then sold it to a public company and remained on board. Discouraged by the direction the parent company was taking, she decided to buy back her company. She re-launched the Framingham-based company as Towerwall. Her clients include Biogen Idec, Middlesex Savings Bank, PerkinElmer, Raytheon, Smith & Wesson, Covenant Healthcare and many mid-size organizations.

A community activist, she has received citations from State Senators Karen Spilka and David Magnani for her community service. Twice she has received a Cyber Citizenship award for community support and participation. She's also involved with the School-to-Career program, an intern and externship program, the Women’s Independent Network, Young Women and Minorities in Science and Technology, and Athena, a girl’s mentorship program.

Michelle is the founder of the Information Security Summit at Mass Bay Community College. Her numerous articles have appeared in Network World, Cloud Computing, Worcester Business Journal, SC Magazine, InfoSecurity, Web Security Journal and others.

The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
