Threat Intelligence is a popular topic in security circles these days. Many organizations are now utilizing a threat feed that comes bundled with some other security product. Lots of products, notably SIEMs, have added support for some sort of integration with specific threat intelligence feeds or more generic imports via STIX/TAXII. Many organizations are hoping to take advantage of the large number of open source and free intelligence feeds now available. Some are even investing in commercial intelligence feeds.
However, as many organizations quickly discover, without effective management of the Threat Intelligence Lifecycle, making effective use of this valuable information is nearly impossible. Today, an organization has two choices for managing Threat Intelligence; Threat Intelligence Management platforms such as Anomali, or a manual in-house management program.
This presentation will explore the steps required to set up a manual threat intelligence life cycle management program for those who prefer the in-house approach.