Table of Contents
One concern that affects many organizations is the sense that they are an island unto themselves in the vast ocean of business. The number of threats and information that is out there can create a sense of being buried. That you’re more than likely to miss something, simply because it’s close to impossible to triage all of that information and account for all the threats, while maintaining normal business operations.
Information sharing groups are great because they provide that information in a bit more targeted forum. I’m in this industry, this threat is being seen by my industry, so it helps with prioritizing. But that’s just the tip of the iceberg too, when it comes to triaging information and working through threat intelligence.
That’s what stands out to me about “The Call that Protected Four Clients.” It is a prime example of getting to the crux and being able to act on information. An organization itself would have to hope that the call that one client made would have been shared within our business community. That’s a lot to expect. Organizations are hesitant to share information because of the view that we are mostly competitors. Sharing a potential weakness feels like we are unnecessarily exposing ourselves to a risk not worthwhile.
But here, we have a company entrusting information to their shared partner protector. The fortunate component is that the partner is a trusted partner to many organizations in the same vertical. That allows them to apply knowledge from one to many, which collectively provides additional security to an exponential number of companies from a threat that they might not be aware of yet themselves.
This is the greatness of strength in numbers. I’m in a position where my focus is on the application of a potentially active threat, as opposed to working me through any number of infinite possible threats that may be theoretical at best. My vertical, my organizational size, those are two factors when I triage the threat landscape itself that I need to prioritize parsing out, and here that work is already done when I first hear about the threat.
That puts my organization and me in a position to be proactive in our reactive response. Yes, we’re reacting to the information, but our response is proactive, even if it’s just a little bit, we’re hardening defenses and taking action prior to an active incident in our environment. Preventive measures in a proactive stance allow for more forethought and calm minds to make determinations, since we’re not operating under the intensity of an active incident.
Context and critical thinking, plus that gut feeling, are components I don’t take for granted. There’s always something to be said for them, something to trust, and to lean into. If I can get them from a source of expertise, it allows me to focus on execution, not excavation.
Read the full eBook: Tales from the SOC: Security Success Stories Powered by Proactive Intelligence and Real-Time Response
