We continue to make the same mistakes that we did with infosec 25 years ago based upon a technology. Then it was a firewall, therefore it must be placed inside of IT as an infrastructure solution 3 layers+ below the CIO at a minimum. Here we are in 2019 and it is a TIP that is IOC driven for the most part which places it inside the the SOC and IR. Starting as a tool to solve some specific technical and largely tactical issues. Seems logical to the uninitiated but exponentially wrong. This is what happens when those who do not understand what intelligence is and where the real value is take the reigns and drive a solution. As said before, you do not buy an M4 carbine, a few banana clips with various types of rounds, place it in the hands of civilians then build a lurp with that group and the M4 as the centerpiece. Just as illogical and something that creates a false sense of safety for a short period of time. Knee jerk reactions while doubling down on a failed model.
Some TIPs are evolving now and looking ‘up’ the food chain but infighting driven by ego and politics, legs locked in a concrete foundation of inaccurate definitions, the mistakes described above, and a lack of general understanding is more the norm than not.
… Good points, what should we do instead?