One possible way to develop such intelligence is to join an information sharing and analysis center (ISAC) or organization (ISAO). ISACs typically focus on critical-infrastructure groups—such as energy or finance—while ISAOs focus on specific sub-segments of the industry, such as credit card processors or hospitals.
Such groups, however, rely on you to provide data on the threats that are targeting your network. While many groups have members who are content to just gather information, the most robust groups are those where members also freely share information on the threats they are seeing. While such sharing can set off alarm bells of concern for business executives, security professionals can develop smaller, closer-knit networks within their own industry.
3. Lean on your security community
Perhaps the most useful way to consume threat intelligence is to derive insights from your peers—intelligence created by humans for humans. Comparing notes with your security peers helps you better interpret threat data and provides the context necessary to shape your security program design to address new threats.
While many vendors turn to intelligence feeds coupled with features to analyze and react to machine-readable data, that data on its own can present an incomplete and fragmented picture unless you provide the context to make it actionable.
Sara Boddy currently leads F5 Labs, F5 Networks’ threat intelligence reporting division. She came to F5 from Demand Media where she was the Vice President of Information Security and Business Intelligence. Sara ran the security team at Demand Media for 6 years. Prior to Demand Media, she held various information security consulting roles over 11 years at Network Computing Architects and Conjungi Networks.