Read time – 2.25 Minutes
Everywhere we go, everyone wants to automate everything they see and touch. No matter the possible process or procedure, method or technique, information security professionals seek the perceived easiest path to a solution. Artificial Intelligence is a must although not a fact in 2021. Machine learning is pushed to a back seat yet that is really the best we do have. We have dumbed-down the definition of AI to fit our current capabilities so we can sell another iterative and slightly better solution than the last. IT and InfoSec departments running threat intelligence functions rush to platforms claiming to be the be-all, end-all solution only to lead immediate buyers remorse and capability disappointment.
What is missing? A solid cyber threat intelligence program. What is critical to program success? Human intelligence. With all the bells, whistles, sensors, heuristics, signatures, and behavior-based solutions, the Russians still penetrated over 18,000 organizations for months. Only until a human discovered a anomaly did the investigation start. Not one cyber security or (so-called) intelligence tool noticed, discovered, or identified the malicious activity. Not one vendors solution detected the problems. Nary a one. Only a human noticing unusually activity with more than one cell phone.
With all the millions spent on cyber security and threat intelligence technologies and data feeds, we should expect better. But, when the old model of see-detect-arrest is in place, when we build technologies based on what we know and not on true cyber intelligence, then we are destined to fail. Repeatedly has we have for 30 years. The cyber security and threat intelligence industry failed. Period.
Organizations rush to buy the latest tool. Deploy it. Get some immediate value, then fail to tune, update, maintain and exploit every possible capability. Until the next shiny object appears as a must have, we then repeat the cycle. We liken this to purchasing arms before we have an army. Then force staff without proper training to the arms. Then building the semblance of an army but as a small platoon when a brigade is needed. Without fully understanding the adversary we buy arms and the figure out what we need for soldiers. Ass backwards and destined to result in where we are today.
We must have the following minimum-necessary in place before we purchase one tool.
- Cyber Threat Intelligence Gap Analysis
- Strategic Intelligence Plan
- Business Justification
- A funding model that is not a percentage of a percentage of a percentage
- Staffing and Organizational Models
- Complete Business support and buy – business championing the program
- Stakeholder Analysis
- Adversary Threat Matrices
- Intelligence Requirements
- A Complete Inventory of Existing Cyber Security and Threat Intelligence tools and data feeds
- Internal Staff Skills Assessment
- Training plan
Once we have the above in place, the local model (practical and pragmatic to the culture) selected and funded, phase I staff hired, and all the assessments and analysis completed, then we can considered technology gaps.
Stop perpetrating the failed model an force-fitting a cyber security model on cyber intelligence. Change the paradigm and move towards a winning strategy.
Why Treadstone 71?
We are one of the only pure-play cyber intelligence and cyber HUMINT firms established in 2002 well before the hype. We have built multiple cyber and threat intelligence programs, enhanced existing programs, and solved many cyber intelligence issues from the United States to the Middle East and Australia. We are technology agnostic and lead with assessments, learned understanding, and practical programs. We help you learn and build sustainable efforts that assist with leadership decision-making. Contact us to learn more before you make that next half-million dollar purchase.