Analysis Techniques: Responding When the Attacker has a Foothold – Part II

A well-run threat intelligence team can substantially improve the organization’s ability to prevent, detect, and respond to targeted attacks by allowing that organization to separate commodity attacks from high-threat attacks and to block technical resources (email addresses, for example) associated with targeted attacks. To use a rough analogy, a threat intelligence team can provide information about the attack landscape just as a weather forecaster can predict and understand the weather. When reducing the dwell time of an attack can mean the difference between a single-system compromise and an enterprise-wide breach, that additional insight can be a tremendous advantage.