As security practitioners, one of the common misconceptions most of us have is that the alerts we receive about application or system vulnerabilities are really only of interest and use to us, and maybe to the extended IT team.
Now I’m not advocating providing your CEO with detailed alerts about every application vulnerability out there, but there are specific use cases that can inform the directives of other internal teams, not to mention our ability to provide a high level summary of what the threat landscape looked like in the prior period to these business unit leaders who are likely involved in risk management tradeoffs.
For example, if you receive alerts about possible phishing sites exploiting your brand or campaigns against your customer base, as a security practitioner the common viewpoint has been “well it’s the end-user’s system and choice.” But give that same information to your marketing, legal, and customer service teams and you’ll end up with an entirely different viewpoint. Your legal team could take action against the group hosting the offending site and send out cease and desist letters. The marketing team would be able to create additional awareness within your client base to ensure that your customers are focused on your verified web presence. And your customer service organization would be able to be proactive supporting customers who call in after having fallen for the phishing scam. Simply put, these alerts provide immediate actionable intelligence to the internal businesses without any refinement whatsoever.
In part two of this blog post, we will take a look at the benefits of shared intelligence.