Threat intelligence is a critical organizational need

Cover story: Continuous threat intelligence collection, analysis, and optimization can help organizations improve cybersecurity measures.


Courtesy: Luca Bravo/Unsplash

Cybersecurity managers face many challenges, with corporate boards demanding awareness of cyber risks, faster processing of complex data, and efficiently managed services for an increasing number of intelligent devices. Security teams are in a better position to defend their organizations against threats if they take the proper preventive measures. Tools and staff need to be augmented with threat intelligence.

Threat intelligence is no longer just for large, well-funded organizations. It is now required to be an overall component of mitigation strategies for all businesses that operate within this evolving technological environment. Small businesses are able to access credible threat intelligence sources that can be based on an organization's profile and supply chain. Critical data that used to be in a secured data center now moves across an increasingly complex ecosystem of networked environments including the Industrial Internet of Things (IIoT), Internet of Things (IoT), cloud servers, virtualized environments, and mobile devices.

Cybersecurity and threat intelligence

The rate of change in some enterprise environments is so rapid that many organizations struggle to keep pace with the evolving nature of cyber threats or to stay attuned to the threats that arise. To build an effective cybersecurity strategy, an organization needs to be aware of specific cyber threats and understand how those threats impact the organization.

Threat intelligence provides context, indicators, increased awareness, and actionable responses about current or emerging threats. It is designed to aid decision-making at an operational, tactical, or strategic level. Cyber adversaries are using more sophisticated tools, techniques, and procedures that evade stand-alone security plans. Organizations need an evidence-based, holistic view of the threat landscape and a proactive security posture to defend themselves from a wide array of potential threats.

The goal behind threat intelligence services is to give organizations the ability to become aware of, recognize, and act upon attack indicators and compromise scenarios in a timely manner, to better protect against zero-day threats, advanced persistent threats, and exploits. Security teams across the world are challenged to discover, analyze, and interpret the vast number of daily events to discover attacks. Security consortiums are leading efforts to automatically detect, contextualize, prioritize, perform forensic analysis, automate compliance, and respond to incidents, going beyond security information management to security threat intelligence.

Facility owners should define what they hope to achieve from threat intelligence, including:


  • Types of alerts needed
  • Vendor news
  • How intelligence is collected, reported and communicated to relevant stakeholders
  • Analysis process
  • How threat intelligence would be used.

Threat intelligence feed

An analysis identifying the organization's needs through an internal assessment of the organization's processes, infrastructure, requirements, ability to manage threat intelligence and security posture should be performed. Customers should compare the data feed and capabilities, alerts and reports, relative subscription prices and support offered by providers.

Threat intelligence feeds are becoming a dominant intelligence-gathering method for organizations that are developing their threat intelligence capability. These feeds provide the major benefit of combining intelligence into a single source that is easy to digest. The real-time nature of threat intelligence feeds is critical, especially when integrated with security information and event management (SIEM) platforms to allow for automatic comparisons of other feed entries.

Most organizations lack the resources and the maturity in their security platforms to take advantage of threat intelligence feeds. Feed information should be evaluated against internal vulnerability assessments to allow for better prioritization of security controls.
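As an added illustration (not part of the original article), the sketch below evaluates feed entries against an internal vulnerability assessment and re-ranks the findings. The feed fields, asset names, placeholder identifiers and score weights are all assumptions constructed for the example.

```python
# Added example; all identifiers, assets and weights below are constructed.
FEED = [  # threat intelligence feed entries (placeholder ids, not real CVEs)
    {"vuln_id": "EXAMPLE-VULN-001", "exploited_in_wild": True,
     "sectors": {"manufacturing", "energy"}},
    {"vuln_id": "EXAMPLE-VULN-002", "exploited_in_wild": False,
     "sectors": {"finance"}},
    {"vuln_id": "EXAMPLE-VULN-003", "exploited_in_wild": True,
     "sectors": {"healthcare"}},
]
ASSESSMENT = [  # findings from an internal vulnerability assessment
    {"asset": "file-srv", "vuln_id": "EXAMPLE-VULN-004", "criticality": 5,
     "internet_facing": False},
    {"asset": "hmi-01", "vuln_id": "EXAMPLE-VULN-001", "criticality": 4,
     "internet_facing": False},
    {"asset": "vpn-gw", "vuln_id": "EXAMPLE-VULN-002", "criticality": 2,
     "internet_facing": True},
]

def prioritize(feed, assessment, sector):
    """Rank internal findings, raising those the feed says are being targeted."""
    intel_by_id = {entry["vuln_id"]: entry for entry in feed}
    ranked = []
    for finding in assessment:
        score = finding["criticality"]          # baseline from the assessment
        intel = intel_by_id.get(finding["vuln_id"])
        if intel is not None:                   # feed has context for this finding
            if intel["exploited_in_wild"]:
                score += 3                      # assumed weight
            if sector in intel["sectors"]:
                score += 2                      # assumed weight
            if finding["internet_facing"]:
                score += 2                      # assumed weight
        ranked.append((finding["asset"], score))
    # Highest score first; asset name breaks ties so the order is stable.
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))

def not_applicable(feed, assessment):
    """Feed entries that match nothing in this environment."""
    present = {finding["vuln_id"] for finding in assessment}
    return [e["vuln_id"] for e in feed if e["vuln_id"] not in present]

if __name__ == "__main__":
    for asset, score in prioritize(FEED, ASSESSMENT, "manufacturing"):
        print(f"{score:2d}  {asset}")
    print("no match in environment:", not_applicable(FEED, ASSESSMENT))
```

Ranked by assessment criticality alone, file-srv would come first; with feed context, hmi-01 moves to the top, and the one feed entry that matches nothing in the environment is set aside.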

A threat intelligence platform should prepare a defense for the organization. Combining threat intelligence capabilities with an organization's software, hardware, and policy defense strategy enhances the staff's ability to search for advanced attacks, profile atypical malware, and detect potential adversaries. Typical internal threat intelligence teams have been deployed and structured in a way that is costly, hands-on, and misaligned to the organization's security posture.

Customers should work with their provider to improve subscription offerings, selected offerings, technical indicator feeds for integration, specific summary reports on events and emerging cyber threats, and trends within the various business sectors, and ensure that the service is aligned to a long-term vision with integrated processes and business requirements.

Too few cybersecurity professionals, tools

The industry still has to address the growing shortage of skilled cybersecurity professionals, isolated security products, lack of integration with other devices and management tools, lack of funding, and inadequate correlation of threat data. Companies must be mindful when implementing programs to avoid the typical failings, such as not integrating threat intelligence into the enterprise platform, consuming but not sharing data, manual processes becoming a burden, no real-time data to provide security awareness, and lacking contextualized information.

In a global environment where cyber attacks are generated at a machine level, customers must ensure the identification, sharing, comprehension, and application of threat intelligence is as automated as possible. An automated platform allows for easy access to the intelligence and the ability to contextualize and prioritize attacks for immediate mitigation strategies. Effective intelligence assesses intelligence from various sources and source types to create a better threat and risk image for an organization.

The value to end customers is not the quantity of the various intelligence feeds, but the applicability of those feeds to their entire environment. The ability to customize dashboards and filters to continuously illustrate threats allows security teams to focus on threats that impact the organization. The threat intelligence market offers different types of information feeds that are not necessarily aligned to any industry or large manufacturer installed base. Though intelligence platforms must be recognized as a critical component to cybersecurity, organizations must define their high-level requirements, functional requirements, and visibility requirements.

Through continuous threat intelligence collection, analysis, and optimization, organizations can increase their protective measures and strengthen their security tools. Significant and beneficial trends for cybersecurity include:

  • Threat awareness over the past 5 years has risen from 25% to 75%. Companies have realized that cyber attackers had the advantage of knowing more about their networks than they did and are now becoming more proactive.
  • The percentage of organizations that have formalized in-house/outsourced teams to address threat intelligence has risen from 25% to 45% over the past two years.
  • The overall level of satisfaction with various threat intelligence elements that companies use is approximately 73%. This may be skewed as some may not understand what they are not receiving from other threat intelligence.

The industry also is making progress as data science and machine-learning models deliver entirely new ways of looking at threats; this removes the dependency on having seen a threat previously in order to provide security. Data science and machine-learning models can evaluate traffic based on the collective knowledge of all internal and external threats seen previously to ascertain discrepancies that may become threats. According to recent research, including reports from Statista and IDC, global external threat intelligence services spending is expected to increase to over $1.6 billion by the end of 2018.

Anil Gosine is a global program manager at MG Strategy+, a CFE Media content partner. Edited by Emily Guenther, associate content manager, Control Engineering, CFE Media,


KEYWORDS: Threat intelligence feeds, cybersecurity

The importance of threat intelligence feeds

Implementing a successful mitigation strategy against cyber attacks

Consider this:

How would implementing a threat intelligence feed improve your organization's defense against a cyber attack?
