So over the last few years, there seems to be a trend of non-DIB companies starting to build internal threat intelligence teams and a big spike in security companies offering it as a subscription service. Ten years ago, a paid service got you vulnerability alerts, some open source geopolitical information, and dated commodity botnet information. This space has matured quite a bit, even though some providers are simply repackaging free indicator feeds and CVEs as threat intelligence. I think the value proposition is there by using intelligence to reduce the dwell time of an adversary and potentially, on a good day, thwarting the attacks from the start. I think the formation of strong, sector-specific intelligence sharing groups will be key to being better defenders. Having had access in the past to great intelligence via clearances, I know what a huge advantage it is. Hence my strong interest in the subject. At the same time, I have little traditional intelligence analysis experience. Mo...
My random musings about IT Security whenever I have time to think