Threat intelligence has been a part of cyber defense processes in the private sector for nearly a decade now. Many threat intelligence teams were initially composed of classically trained intel operators from the public sector, where they focused on gathering data to thwart national security threats. And as these teams grew and adjusted to protecting against customer data breaches and disruptions to services, growing pains associated with working in a corporate environment were to be expected.
Expectations are changing, though. Security operations is maturing, and as threats have continued to evolve, enterprises have made significant investments in security infrastructure. C-suites and boards are increasingly involved in security decision-making, and studies show that they are doubling down on security investments, which are expected to rise to $458.9 billion in 2025 from $262.4 billion in 2021.
But with increased investment comes scrutiny and rigorous competition for dollars across IT and security teams. However, for threat intelligence teams, it appears old habits die hard. Many remain in the government intel mindset, focused on funneling data to the security operations center (SOC) and have limited experience in extending threat intelligence to other parts of the business, communicating the resulting value and justifying the investment required.
Delivering curated threat intelligence to more teams that need it, enabled with bi-directional integration, will allow CISOs and their team to prove threat intelligence is far from a cost center.
After nearly a decade of threat intelligence going corporate, a reckoning is coming. It’s time for CISOs and threat intel teams to start working together and prove that threat intelligence is not a cost center, but drives value across all security operations.
As threat intel teams mature, here are three recommendations to help create a shift in mindset and demonstrate the full value it provides.
Think of the threat intel team as the providers of a product