Do you remember that from Saturday morning cartoons? It’s such a true statement and one that we should all remember when we go about our daily lives. Here’s an example. I was riding my jet ski on Father’s Day. I’ve been riding for years and feel pretty comfortable even in open water. During this ride, a leisurely cruise with my brother, I saw a 28-foot boat slowly driving by and thought it would be fun to jump the wake. I started toward it but far enough away for the wake to calm a bit. After I broke the bow wake, a tiny one, it was only a millisecond or two before I realized I had miscalculated the aft wake; it was massive. He had been running his boat in a way I didn’t expect; it wasn’t logical. He was trimming the aft deep and that massive wake caught me off guard. Needless to say, it wasn’t the fun jump I was expecting and pretty much ruined Father’s Day for several fathers.
I was traveling this week on the west coast and had a thought about how, if I had performed some intelligence gathering first, I would have seen the size of the wake and either decided to pass or to hit it a bit slower. Then I thought about how that same intelligence gathering could be really helpful in my work and in the work of my peers in Information Security. How much better could we target our resources, people and tools, if we knew more about the attackers? Then maybe we could better defend. What are their motives? What data do they really want? What methods are they employing today against others that I could protect myself from proactively? Can we use the information well enough to make precognitive decisions?
The more I talk to other security professionals, the more I see a huge swell of support for initiatives that provide analysis of attacks and events that goes beyond correlation. They are developing groups to provide in-depth analysis and collaboration in an effort to get ahead of the attacks and attackers. These “Analysis Centers” are the start of “Intelligence Centers” gathering data and information where they can dig in deep and better protect themselves. This isn’t new; it’s been going on for years in other industries. Commercial intelligence will feed these centers, giving them inside information that they will need that governments won’t share. Sooner or later, we’ll all work together to share intelligence and make it near impossible for attackers to be successful.
If you have the resources to fund one of these centers make sure you start with an experienced Intelligence individual. Someone who isn’t trying to figure out what to do but knows how to build a good practice because they’ve been part of one. If you aren’t able to fund one then find an intelligence partner, acquire those services and use them as part of your risk assessments, security strategy and tactical operations to better keep your data and people safe.
Cross-posted from Symantec Connect What’s @Stake

Tags: risk assessments, security intelligence, security strategy