On “cyber intelligence”

Intelligence.

From what I can tell it’s the new hotness in cybersecurity.

From what I can tell it’s also not being done very well. The end result of course being that “intelligence” is treated as a fad or gimmick, which would be a terrible mistake for the cybersecurity community to make.

Let’s lay down a few givens before we go any further. For starters, “intelligence” is like “APT:” If you’re not using the proper definition, you’re just playing marketing tricks. Boiled down to its essence it works like this:

  •  No matter how good the source, a discrete piece of “data” or data “feed” is not intelligence
  • Intelligence is not a mashup of disparate data points; that’s “information”
  • Intelligence is information that is put into context and enhanced with expert (human) input that provides the intelligence consumer with insight.

No application, device or appliance is capable of providing you with intelligence. Such mechanisms may provide you with enhanced information, but without the human element it’s still just information. If machines could produce intelligence, a whole lot of people in this business would be unemployed.

Your organizational decision-maker(s) are your intelligence “consumers.” Every consumer wants something different from their intelligence product, which is where the human element comes into play. The intelligence requirements of the C-level is of little utility to the responder on scene, and vice versa. Devices and feeds in and of themselves cannot support either requirement. Any purveyor of “intelligence” that does not have a human between data and consumer is not offering intelligence. If you are not paying for someone to apply their little gray cells to your or their data, you’re paying a premium for something you could probably get for free.

Intelligence is not fool-proof. Intelligence tells you something you don’t already know, but because you cannot know everything, there are no guarantees. Intelligence providers who claim to be flawless, or nearly so, are not producing content of value because only the most generic and heavily cavetated output can be made to seem right 100% of the time. You don’t need to pay extra for people to tell you “maybe” and “possibly.”

I’m just touching the surface here, and if anyone wants me to riff longer I will, but I just wanted to make sure something was out there standing athwart the “cyber intelligence” hype train shouting “stop!”

Leave a Reply