Defining Security Intelligence
Several years ago, Q1 Labs introduced the term “Security Intelligence” to describe the value organizations can gain from their security data by treating this information like they do the outputs produced from other business functions. We always hoped it would catch on, and it certainly has! Lately, we’re seeing this term being used more and more by customers, vendors, pundits and industry experts, but what’s interesting is how no one seems to be describing the same concept.
To avoid confusion, I thought it was about time we posted our definition and opened this up to your thoughts and comments. So here it is:
Security Intelligence (SI) is the real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise. The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.
Data collected and warehoused by security intelligence solutions includes logs, events, network flows, user identities and activity, asset profiles and locations, vulnerabilities, asset configurations and external threat data. Security Intelligence provides analytics to answer fundamental questions that cover the before-during-after timeline of risk and threat management:
1.) What are the internal and external threats?
2.) Are we configured to protect against these threats?
3.) What is happening right now?
4.) What is the impact of a breach?
In the coming weeks we will be posting more Security Intelligence-specific content on this blog, such as Michael Applebaum’s “6 Things You Wanted to Know about Security Intelligence But Were Afraid to Ask”. Make sure you check back often, and in the meantime, if you’d like to learn more about how Q1 Labs treats Security Intelligence, download this white paper, “The IT Executive Guide to Security Intelligence.”
So, please stay tuned, and comments are welcome!