Operational Intelligence

David Lavinder

In my last blog post I discussed the importance of strategic intelligence to the enterprise.  To quickly sum it up: 

  1. Strategic Intelligence provides insight into the attackers and their targets
  2. Strategic Intelligence provides the necessary foundation to prepare a successful defense

Notice that second point; strategic intelligence is only the foundation.  Most strategic intelligence is too broad to be actionable.  Therefore, if the enterprise is intent on being successful against every attack, it will require a level of intelligence analysis that is currently lacking in the industry.

Imagine this scenario: you’ve been tasked with defending the company’s network.  You wisely provided a strategic intelligence report to your CEO, ensuring everyone had an understanding of the threats facing the industry of which your company is a part.  You’ve survived the gauntlet of suggestions based on buzzwords, and you’ve done the research and know what solutions exist.  Now you sit at your desk with loads of vendor brochures and marketing material and ask yourself, “Which solution do I need?”  Enter the importance of operational cyber intelligence.

From a military perspective, operational intelligence assists combatant commanders as they develop campaign plans.  Operational planners need to know the capabilities and employment of the adversary’s weapons in order to properly place their assets and train their soldiers for counteraction.  This scenario holds true for the network security lead as well.  Operational cyber intelligence, when properly applied, can guide security teams to posture defenses against a well-defined threat.  This means they can purchase the correct equipment, place it in the optimal position, and train the first-line defenders on proper application.

Morphick Managed Detection and Response uses Intelligent Analysis to produce operational cyber intelligence reports for its customers, providing regular updates as the attackers continue to adjust their tactics, techniques, and procedures.  These regular intelligence updates ensure situational awareness for your security team, preparing them to detect, learn, morph, and defend.