How are you currently diversifying threat intelligence sources? Is your organization adopting any new strategies or platforms to maintain situational awareness?
The volume of threat intelligence has increased so much that we have considered leveraging AI analysis to help our analysts manage all these sources. Although we have not implemented AI yet, we recognize its potential to aggregate and summarize intelligence, making it more manageable. However, there are concerns about accuracy and the need to verify AI-generated insights. We did participate in a trial run of Microsoft Security Copilot, which aggregates threat sources and provides summaries, but found it too expensive and less useful without integration with Sentinel.
We rely heavily on ISACs, and as a credit union, we also use a credit union-specific ISAL that sends us alerts. Our managed service provider supplies threat intelligence as well, particularly regarding high-profile vulnerabilities and bad actors targeting financial services or credit unions. While this is not a new strategy, it does mean we are dealing with a large volume of information from multiple sources. Our main focus is filtering through this data to identify and act on high-priority threats.
AI tools like Microsoft Security Copilot are promising, as they can ingest threat sources from various places and generate summaries. However, the cost and integration requirements are significant barriers for us at this stage.
The key aspect for us is not just diversifying threat intelligence sources but also integrating them effectively. There are emerging web platforms and vulnerability management platforms—now often called exposure platforms—that are incorporating intelligence, including vulnerability and sometimes threat intelligence. We use an enterprise-grade solution, Tenable One, which provides us with intelligence. Another source is our SecOps-based intelligence, which is part of our incident response and intelligence feed. Additionally, our SASE platform brings its own intelligence. The challenge is to ensure that our analysts have timely access to all relevant intelligence so they can make informed decisions when it matters most.
The discussion on AI also raises questions about preparing for future threats, such as those posed by quantum computing. As quantum technology advances, there is increasing attention on post-quantum cryptography and quantum-safe programs, like those being developed by Microsoft for the Azure platform. While we have not yet adopted these solutions, we are monitoring developments closely.
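The two points raised above, filtering a large volume of feed data down to the high-priority threats, and integrating intelligence from an ISAC, a managed service provider and an exposure platform so analysts see one view, are illustrated by the added example below. It is not code from any of the respondents or from any named product; it assumes three hypothetical feeds with different schemas, constructed sample entries (reserved TEST-NET addresses and a `.test` domain, not real indicators), and a simple scoring rule that weights source corroboration, sector relevance and recency. The feed formats, field names and weights are assumptions chosen for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed reference time for age decay; a live run would use datetime.now(timezone.utc).
NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)

# Three constructed feeds with deliberately different schemas, standing in for a
# sector ISAC alert feed, an MSP feed and an exposure-platform feed. Values are
# reserved documentation ranges and a .test domain, not real indicators.
ISAC_FEED = [
    {"type": "domain", "value": "login-example-cu.test", "confidence": 80,
     "sectors": ["financial"], "seen": "2024-04-30"},
    {"type": "ipv4", "value": "203.0.113.10", "confidence": 60,
     "sectors": ["financial"], "seen": "2024-04-28"},
]
MSP_FEED = [
    {"indicator": "203.0.113.10", "kind": "ip", "score": 0.9,
     "tags": ["credit-union", "phishing"], "last_seen": "2024-04-30T12:00:00"},
    {"indicator": "198.51.100.7", "kind": "ip", "score": 0.5,
     "tags": ["scanner"], "last_seen": "2024-03-01T00:00:00"},
]
EXPOSURE_FEED = [
    {"ioc": "LOGIN-EXAMPLE-CU.TEST", "ioc_type": "fqdn", "severity": "high",
     "published": "2024-04-29"},
]

KIND_ALIASES = {"ip": "ipv4", "fqdn": "domain"}
SEVERITY_TO_CONFIDENCE = {"critical": 1.0, "high": 0.8, "medium": 0.5, "low": 0.2}
SECTOR_TAGS = {"credit-union", "financial"}


@dataclass
class Indicator:
    """One feed entry normalized to a common shape."""
    kind: str
    value: str
    confidence: float      # 0.0 .. 1.0
    sector_relevant: bool  # flagged by the source as aimed at our sector
    seen: datetime
    source: str


def _ts(text):
    # Feeds give naive ISO timestamps; treat them all as UTC.
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def normalize(isac, msp, exposure):
    """Map each feed's own schema onto Indicator records (case-folded values)."""
    out = []
    for e in isac:
        out.append(Indicator(e["type"], e["value"].lower(), e["confidence"] / 100,
                             "financial" in e["sectors"], _ts(e["seen"]), "isac"))
    for e in msp:
        out.append(Indicator(KIND_ALIASES.get(e["kind"], e["kind"]), e["indicator"].lower(),
                             e["score"], bool(SECTOR_TAGS & set(e["tags"])),
                             _ts(e["last_seen"]), "msp"))
    for e in exposure:
        out.append(Indicator(KIND_ALIASES.get(e["ioc_type"], e["ioc_type"]), e["ioc"].lower(),
                             SEVERITY_TO_CONFIDENCE[e["severity"]], False,
                             _ts(e["published"]), "exposure"))
    return out


def merge(indicators):
    """Group duplicates reported by several sources under one (kind, value) key."""
    groups = {}
    for ind in indicators:
        groups.setdefault((ind.kind, ind.value), []).append(ind)
    return groups


def age_factor(seen, now=NOW):
    """Decay weight: fresh indicators count fully, stale ones barely at all."""
    days = (now - seen).days
    if days <= 7:
        return 1.0
    if days <= 30:
        return 0.5
    return 0.2


def score(group, now=NOW):
    """Priority = best confidence, plus corroboration and sector bonuses, decayed by age."""
    best_conf = max(i.confidence for i in group)
    independent_sources = len({i.source for i in group})
    sector_hit = any(i.sector_relevant for i in group)
    newest = max(i.seen for i in group)
    raw = 0.5 * best_conf + 0.15 * (independent_sources - 1) + (0.2 if sector_hit else 0.0)
    return round(raw * age_factor(newest, now), 2)


def prioritize(isac, msp, exposure, threshold=0.5, now=NOW):
    """Return merged indicators at or above the threshold, highest priority first."""
    rows = []
    for (kind, value), group in merge(normalize(isac, msp, exposure)).items():
        rows.append({"kind": kind, "value": value, "score": score(group, now),
                     "sources": sorted({i.source for i in group})})
    rows.sort(key=lambda r: (-r["score"], r["value"]))
    return [r for r in rows if r["score"] >= threshold]


if __name__ == "__main__":
    for row in prioritize(ISAC_FEED, MSP_FEED, EXPOSURE_FEED):
        print(f'{row["score"]:.2f}  {row["kind"]:6} {row["value"]:24} sources={",".join(row["sources"])}')
```

With the sample data, the address reported by both the ISAC and the MSP ranks first because two independent sources corroborate it and both tag it as aimed at the sector; the phishing domain ranks second; the two-month-old scanner address falls below the threshold on age alone. The threshold and weights are the knobs an analyst team would tune against its own false-positive experience, and the `sources` list preserves provenance so a summary can always be traced back to the feed that produced it.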