What is actionable intelligence? Is it just another name for threat intelligence? Like many terms in cyber security, it is a phrase used by vendors but is often poorly defined. At the NTT University event in Berlin, Enterprise Times asked Azeem Aleem, Vice President Consulting at NTT Security what actionable intelligence was and why organisations should care.
Aleem told us that: “Actionable intelligence is when you take threat intelligence and refine it to your specific domain. It requires a proactive approach to looking at what you know, what you have and determining the risk of a specific threat to your IT environment.”
In this podcast, Aleem explains why we need to develop processes to deal with the tactics, tools and process (TTP) of threat actors. He talks about the need for a framework that enables TTPs to be applied to IT systems. That combination of threat intelligence to create actionable intelligence, build TTPs and then apply that using a framework is key to being proactive in cyber security.
Aleem also talks about how IT security teams better engage with the C-Suite. CISO’s like to tell the board about the number of attacks they have stopped. Aleem recommends changing that to show what would have happened if those attacks had succeeded. IT needs to make it clearer for the board to understand risk.
To hear more of what Aleem had to say listen to the podcast
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there