Do companies who deliver “threat intelligence” deliver on that promise, or is there more the customer needs to bring to the table to be able to take action?



Eric Murphy, VP, security research, SpyCloud

Check out this post and discussion for the basis of our conversation on this week’s episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest for this episode is Eric Murphy (@_EricMurphy), VP, security research, SpyCloud.

Subscribe to Defense in Depth.

Got feedback? Join the conversation on LinkedIn.

Thanks to this week’s podcast sponsor, SpyCloud

Learn more about how you can protect employees and customers from account takeover with SpyCloud.

On this episode of Defense in Depth, you’ll learn:

  • Threat intelligence is about telling a story. And that story is broken up into three parts: strategic, operational, and tactical intelligence. Threat intelligence today really isn’t about creating that story. Most of the cases are about correlating data points.
  • Threat intelligence becomes stale when you are reactionary vs. being proactive.
  • Threat intelligence fails when you don’t mix multiple intelligence points to form a more complete full story of your adversaries.
  • Feeds are not valuable by themselves. When you combine it with your internal data, that’s when you could actually come up with something actionable.
  • If you’re not ingesting and onboarding your data appropriately into your internal threat intelligence team, why do you even have it?