Cyber Magazine October 2024 | Page 21

However, my core principle when gathering and analysing threat data is to focus on curated intelligence.
Simply gathering as much data as possible is counterproductive because it pollutes your systems and signatures, overwhelming the security team with numerous alerts to manage. To ensure we have curated and actioned intelligence, we rate and verify our sources of intelligence.
For instance, when an IP address is flagged as malicious in a report, the threat actor typically abandons it, so continuously logging it as malicious is pointless. Therefore, at Rapid7, we implement a strategy where, after a certain period, we acknowledge past malicious activity but refrain from labelling it as malicious to avoid cluttering signatures.
SOC teams are already inundated with tasks, so our approach helps reduce the noise they encounter. Moreover, it assures them that any alert they receive has undergone verification and scrutiny.
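The source-rating and indicator-ageing policy described in the answer above, as an added illustration that is not code from the interview or from Rapid7: an indicator only becomes a detection signature if its source rates highly enough and it was last seen within a retention window; older hits are kept as history for lookups but not alerted on. The source scores, the 30-day window and the sample indicators are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

ACTIVE_WINDOW = timedelta(days=30)   # assumed retention window before an IoC is aged out
MIN_SOURCE_SCORE = 3                 # assumed minimum source rating (1 = unvetted, 5 = verified)

# Constructed source ratings, standing in for a curated source register.
SOURCE_SCORES = {"vendor-report": 5, "partner-feed": 4, "open-paste": 1}


@dataclass
class Indicator:
    value: str       # IP, domain, hash, ...
    kind: str
    last_seen: date  # most recent observation of malicious use
    source: str


def classify(ind: Indicator, today: date) -> str:
    """Return 'unverified', 'historical' or 'active' for one indicator."""
    if SOURCE_SCORES.get(ind.source, 0) < MIN_SOURCE_SCORE:
        return "unverified"      # source not trusted enough to drive alerts
    if today - ind.last_seen > ACTIVE_WINDOW:
        return "historical"      # past activity acknowledged, but no longer a signature
    return "active"


def build_blocklist(indicators, today: date):
    """Split indicators into live signatures and a history map (value -> last_seen)."""
    active, history = [], {}
    for ind in indicators:
        status = classify(ind, today)
        if status == "active":
            active.append(ind.value)
        elif status == "historical":
            history[ind.value] = ind.last_seen
    return sorted(active), history


# Constructed sample feed using documentation/test address ranges.
TODAY = date(2024, 10, 1)
SAMPLE = [
    Indicator("198.51.100.7", "ip", date(2024, 9, 20), "vendor-report"),  # recent, trusted
    Indicator("203.0.113.9", "ip", date(2024, 6, 1), "vendor-report"),    # trusted but stale
    Indicator("192.0.2.44", "ip", date(2024, 9, 28), "open-paste"),       # recent but unvetted
    Indicator("bad.example", "domain", date(2024, 9, 15), "partner-feed"),
]

if __name__ == "__main__":
    print(build_blocklist(SAMPLE, TODAY))
```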
Q. WHAT HAVE YOU IN YOUR ROLE AS SENIOR DIRECTOR OF THREAT ANALYTICS IDENTIFIED AS ONE OF THE BIGGEST CYBER THREATS CURRENTLY?

» The biggest issue remains ignorance. Whilst attacks can be complex, organisations often fail to adequately secure their networks.
