I was traveling this week on the west coast and had a thought about how, if I had performed some intelligence gathering first, I would have seen the size of the wake and either decided to pass or to hit it a bit slower. Then I thought about how that same intelligence gathering could be really helpful in my work and in the work of my peers in Information Security. How much better could we target our resources, people and tools? If we knew more about the attackers, then maybe we could better defend. What are their motives? What data do they really want? What methods are they employing today against others that I could protect myself from proactively? Can we use the information well enough to make precognitive decisions?
The more I talk to other security professionals, the more I see a huge swell of support for initiatives that provide analysis of attacks and events that goes beyond correlation. They are developing groups to provide in-depth analysis and collaboration in an effort to get ahead of the attacks and attackers. These "Analysis Centers" are the start of "Intelligence Centers" gathering data and information where they can dig in deep and better protect themselves. This isn't new; it's been going on for years in other industries. Commercial intelligence will feed these centers, giving them inside information that they will need that governments won't share. Sooner or later, we'll all work together to share intelligence and make it near impossible for attackers to be successful.
If you have the resources to fund one of these centers, make sure you start with an experienced Intelligence individual. Someone who isn't trying to figure out what to do but knows how to build a good practice because they've been part of one. If you aren't able to fund one, then find an intelligence partner, acquire those services and use them as part of your risk assessments, security strategy and tactical operations to better keep your data and people safe.