Picking a good cyber threat intelligence vendor is an important decision. And you’ve got to prepare some strategic questions to ask your potential vendors if you want to make sure you end up with a reliable and professional partner.
But first, you have to know yourself; most importantly, you have to know your WHY.
In this episode of the Dr. Dark Web podcast, we share the top 10(ish) questions to ask yourself AND your (cyber) threat intelligence vendor.
⚡ Know thyself. You should know your main goals and motivation before picking a threat intelligence vendor. One of the most important questions to ask yourself is why you are doing what you’re doing. “For me, the top things are — there are two real big ones. And the whole point of the ‘why’ comes down to a couple of different things. Are you doing it for efficiency? In other words, we don’t know what we don’t know, and we want to understand it. And how do we do it in the most efficient way possible? So that’s part number one. Are we doing it for visibility and awareness? In other words — back to the ‘we don’t know what we don’t know’ — if we’re going to put our head above the parapet, how do we actually tell what’s useful, usable, scalable, and actually effective to help with? […] Then the other big one is basically justification. So if you’re looking at next year’s budget or you’re looking at even going through this year’s or when your fiscal year ends or headcount — if you’re having to justify, to some degree, your existence — understanding internal and external threats and the risks associated with them is a really good way to start on that ‘why are we doing it’ exercise.”
⚡ Strategic, tactical, operational, OR other types of intelligence? The next step is to determine what type of intelligence your potential vendor can provide. Also, think about what type of intelligence matches your goals. “Strategic. How are you looking at the market itself? How are you looking at geopolitical areas? How are you looking at critical infrastructure as a whole or whatever your area is? Tactical. Well, what the heck is going on? APT group, ABC, Cozy Bear over here, and a whole bunch of Muppets in a different direction. What the Smurf are doing is great to know, but then you’ve actually got to bring in, ‘Well, why do I care?’ And then operationalizing that data as well is that other part of it. In other words, you’ve told me that IP sucks. Well, why? For how long? How long has it been? What’s happened with it, and what the heck am I going to do with it?”
⚡ Whose data are they collecting, where are they getting it from, and how? The following questions revolve around data collection. “All of this is information that you need to understand what they’re collecting because if you understand what they’re collecting, you could also understand what they’re missing. […] So the data is another interesting one. Take a messaging stream — this is a perfect example of what kind of data. Are they collecting 24 hours’ worth of messaging? And how can you disseminate what’s good, bad, and what’s ugly, and how are they doing it?”
Top 10(ish) Questions to Ask
- Why are we doing it?
- Who’s the consumer OF the data we will produce?
- Do I want (and do you have) strategic, tactical, operational, OR other types of intelligence?
- Who’s data are you collecting?
- Where are you collecting it from?
- How are you collecting it, how are YOU sorting the woods from the trees?
- What context are you providing along with any raw data?
- What does your platform support? (commercial, open source, community, internal, etc.)
- Can I customize the inbound data, if so how?
- How (if any) are rankings, scoring, or risk metrics applied (method, madness?)
- What happens if I want more platforms, systems, seats, etc?
- Where’s MY data kept? The stuff I’m building (or you are) about MY company? (the intel packet?)
- Talk to me about your methodology (Plan, Collect, Process, Analysis, Dissemination, AND Feedback)
- IF they go down the rabbit hole of AI and ML, ask them about the following:
- Data structures?
- Data languages?
- Data context?
- Data relationships?
- Data classification?
- Data forecasting?