The ultimate guide to threat intelligence for corporate security and risk monitoring

As explained by Gartner, threat intelligence is the information that an organisation uses to understand the threats they face now and threats that could face in the future. This information starts as data which is gathered by analysts before it is processed and analysed in order to provide context such as the impact, capability or intent of the threat.

Threat intelligence helps you to make more informed decisions that will help you to prepare, prevent and mitigate the impact of threats. Ultimately, threat intelligence provides you with the insight you need to better protect your people, assets, reputation and bottom line.

Across the world, threats are constantly evolving and business security risks are increasing.

Whilst some businesses may not consider themselves to be operating in high-risk or dangerous areas of the world, profound social instability, failure in governance and deepening polarisation between opposing political and cultural views is constituting new threats, in new places. In just the past few years, globally, we have seen events and incidents unfold that would seem so far removed from reality in decades gone by.

This is why the need for high-quality threat intelligence in corporate security is growing rapidly. To keep abreast of the many dangers and risks that our international security landscape now presents, a constant stream of data and information can be the lifeline that keeps businesses, their people and their assets safe.

Data is not the same as intelligence. 

And with the overwhelming amount of data that can be found every day, a stream of raw information can be just that – overwhelming. To generate value from data, it should be subject to the intelligence cycle. 

The intelligence cycle is a structured process, commonly applied in a military environment, and is used to gather information, convert it into relevant intelligence, and pass it to those who require it – the decision makers.

Implementing the intelligence cycle provides an order to the collection and information gathering process. It states exactly what needs to be collected, in what priority and when.

Threat intelligence is often broken down into three subcategories:

• Strategic 
• Operational 
• Tactical

Different information is required at different levels of the organisation, depending on the type of decisions they make. Ensuring that the right team has the right information can be key to protecting your organisation. 

Strategic Threat Intelligence

Strategic intelligence focuses on broad issues which impact and direct strategy. It provides a high level of information on your organisation’s current security posture as well as the security landscape you operate in. It’ll explore the worst case scenarios from potential threats and their possible impact on your business.

It’s typically used to make decisions at a high level, and therefore should include evidence-based and informed projections regarding the security landscape of your industry. It should help you plan for the resources and tools you’ll need to mitigate future threats. 

Operational Threat Intelligence

Operational intelligence requires real time, or near real-time data. This data is required at speed as it’s typically used to inform decisions that require a quick response. For example, operational intelligence in the military is used during combat by people on the battlefield, rather than in the planning phase. 

For you, it may mean responding to an incident that has occurred close to where you have colleagues currently travelling. You’ll need timely information on what’s happening and the severity of the situation before making decisions that will ensure their safety.

Tactical Threat Intelligence

Tactical intelligence is intelligence that is required for planning and conducting tactical operations. It’s aimed at those making the day-to-day decisions, prioritising tasks and allocating resources in order to keep the business moving.

This means that they need regular updates, the latest in order to keep them on track and ensure that they’re achieving the objectives that are set with the help of strategic intelligence. 

Every security role can benefit from threat intelligence. In fact, it’s increasingly common for intelligence to be shared with, and utilised by, the wider organisation but it’s essential to security departments.

It’s a key component that can empower your team and support multiple different security functions by providing a more clear understanding of the current threat landscape.

Threat intelligence can feed into your duty of care, and help you to protect your people as they conduct business across the globe. It can allow you to better advise them ahead of their trip so they too have an understanding of the place they’re visiting, as well as ensure they’re safe throughout their travels. Timely threat intelligence enables you to constantly monitor the security situation, quickly identify a change and respond to emergencies where necessary.

It can also help you to mitigate risks to your other mobile assets such as cargo, vessels and aircrafts – helping you to plan the safest and quickest route and notifying you of disruption so that you can divert your assets with minimal impact to your supply chain.

And it’s not just the assets that move either. You can better protect your static assets too by understanding what’s happening around them. The knowledge that threat intelligence provides you with will enable you to implement more stringent security measures following early identification of a string of commercial burglaries in your area, or justify an increase in security costs because the crime rate around one of your facilities is rising.

Beyond your security team, implementing a threat intelligence solution within your company can help to set investment priorities, understand your weaknesses and limit reputation damage.

Because of our diverse client base, we know the use cases for threat intelligence can differ significantly. Each organisation has different objectives and priorities, and they need data that reflects that.

At Intelligence Fusion, we conduct an Intelligence Collection Plan (ICP) with every new client that comes on board. This allows us to better understand what they’re trying to achieve, which then helps to guide our collection efforts.

Taking a more tailored approach to our data gathering means that our clients get a more refined, highly valuable stream of intelligence. And most importantly, the impact of it on their business and operations.

Some use cases for threat intelligence include:

Incident Response

We work with operations centres across the world and typically, their main aim is to receive information that may have an impact on their business as quickly as possible. They rely on our alerting functionality to inform them of breaking news and developments so that they can quickly implement the appropriate procedures to ensure people are safe, assets are protected and that any disruption to their operations is minimised.

Risk Analysis

Analysing risk means looking at the likelihood of something happening, and understanding the impact if it does.

To do this effectively, you need data. The data will firstly allow you to identify what the biggest threats to your organisation are, then how likely they are to happen. Having a database of historical information will not only allow you to quickly identify what risks you’ve been exposed to in the past, but how many times they’ve occurred and hopefully, what the negative consequences were.

And this doesn’t have to be threats that your business has been subject to directly. Your competitors may have been affected, directly or indirectly, or even risks that impact the entire industry you operate in. Political risks such as a change in government policy or even foreign influence, whilst not directly targeting your business, can significantly impact your operations.

Threat intelligence can help you answer questions such as:

1. What types of threats exist?
2. Which threats have occurred?
3. How often do they occur?
4. How is this changing over time?
5. What threats affect my competitors?
6. Which threats could affect us?
7. Have we already been targeted?
8. Who is targeting us?
9. Why would they target us?
10. What are their tactics?

Identifying and understanding the risks, enables you to make more informed decision-making, develop proactive mitigation strategies and justify associated budget and staffing requirements.

In addition to the types of threat intelligence that is available, there are several different types of intelligence solutions too.

Depending on your current set up and budget, you may just require the data. For example, if you have an existing platform or interface that you can use to visualise the data, you can ingest threat intelligence API feeds into your software to enhance or improve your current dataset.

If this isn’t the case, your best option is to look into threat intelligence platforms. This solution will not only provide you with the data itself, but the best software solutions will help you better interpret the information and provide perspective through intuitive intelligence tools and powerful visualisation capability.

How do you know the best solution for you? Typically, you’ll find that the biggest difference in threat intelligence providers is the way in which they collect and gather the data.

Automated Collection

The meteoric rise of artificial intelligence and machine learning tools has changed the way many industries operate – security and intelligence being one of them.

In order to increase the speed of gathering data, and reduce the overheads of hiring a team of expert analysts, many intelligence providers have introduced automated collection.

Algorithms are built to comb through news articles and social media feeds from around the world to monitor trends, geopolitical developments, and potential crises in real-time. Tools such as natural language processing are utilised to assist machines to compute the meaning of words and provide context in the same way that humans do. The end product is large volumes of very fast data being fed to the users.

Threat intelligence solutions that solely rely on automated collection are usually configured so that the algorithms identify key words or phrases on social media. Any tweet or post containing that trigger word will activate an alert.

It goes without saying that there are many benefits to this kind of threat intelligence software, however, a purely automated solution can also have it’s drawbacks too.

Without any human involvement in the collection process, there’s very little analysis or context. The data is in its most raw format, so unless you have a team of analysts on your team who can weed out the most relevant alerts, it can be overwhelming.

Analyst-led Collection

With an analyst-led intelligence solution, the data collection is manual. There will be a team of analysts identifying and processing the data they gather, which is then disseminated via a threat intelligence platform.

The best intelligence providers will hire analysts who will likely have built up years worth of expertise in the region or specialism that they cover. They’ll be able to provide unparalleled context to incidents and provide additional insight into the ‘so what’ factor of intelligence – essentially, why is this incident important and what does it mean to you?

By helping you to answer these questions, you can save time, effort and resources interpreting the data on your end. Analyst-led collection can be particularly beneficial if you have a small team or if risk analysis is the main use case for your business.

If you’re looking at threat intelligence for incident response, an analyst-led solution may not provide you with the timeliness required to meet your objectives, unless the provider is focussed on one particular area.

Hybrid Collection

Both speed and context are important to provide the most accurate and actionable threat intelligence. At Intelligence Fusion, we’ve taken a hybrid approach.

We’ve built a team of military-trained analysts, who operate our 24/7 Operations Centre. Their job is to gather, evaluate and assess information, but they’re supported by data scraping tools which were designed to better identify incident details across the internet. By fusing automated collection with the expertise of our analysts, we balance speed and accuracy to provide the most valuable overview possible.

All of our data is verified, carefully geolocated as well as contextualised to provide you with practical, valuable intelligence that you can view in our award-winning platform.

Having access to threat intelligence is only useful when you use it effectively to provide you with a situational awareness that’s relevant to you. 

All too often, security and intelligence teams will find themselves changing their internal processes to work around the threat intelligence they have in place. Off-the-shelf software always has limitations, because they’re built to cater for the needs of multiple sectors. You’ll often find yourself paying for tools you don’t necessarily need or buying into multiple solutions in order to solve the different challenges you and your team face. 

Finding a threat intelligence solution that can be customised to reflect the way you operate, rather than the other way around, can be a gamechanger.

You can hand-pick the tools and features that best meet the needs of your team, and the price will therefore reflect that. So no matter the stage of your business, size of your team or the budget you’ve got, you can build the most valuable threat intelligence platform for you and your needs. 

It also means that you’ve got a partner for the long-term too. Tailored solutions are more scalable so any changes in your internal situation, or even changes in the global security situation, and you can quickly adapt.  

We always recommend that you assess all of your options before making a decision on a threat intelligence solution. It’s a big investment, and such an important piece of your security infrastructure. 

Before speaking to providers, you should identify:

1. What are the biggest challenges you face as a team?
2. What do you need from a threat intelligence solution?
3. Does your current solution have gaps? What do you wish it could do?
4. What are our wider security goals and objectives?
5. How much am I willing to invest in order to achieve this?

Understanding your current situation, and how you’d like that to improve, will make the evaluation phases much easier. 

And when you’re ready to start that process, we’d love to hear from you. We offer free demonstrations of our product, with no obligation to take the conversation further. But if you’re interested, we can set up a 7-day free trial of our software too, to help you get to grips with the data we provide and the kind of tools available. 

Schedule a demo online, or reach out to a member of the team at info@intelligencefusion.co.uk to get started. 

Let’s talk