Why ‘Iterative’ Intelligence Is More than Threat Intelligence

Threat actors are no longer tucked away in a basement disrupting a business or stealing assets. They are now organized businesses and often nation states. They are learning from their challenges and so should we.

Iterative intelligence is one way we can get smarter. Iterative intelligence is the notion that we become smarter with repetition. In security it’s an idea that works both for the bad guys breaking in and regular defense of the network.

Historically, on the threat defense side, if the network went down or customer data was lost, someone would pay the price. We have heard from CIOs that they once had three questions for every security breach: What happened, what was lost, and who do I fire? Today, CIOs know that the person responsible for the network during an attack provides institutional memory that will serve the company in the long run. CIOs know that they should guard this knowledge carefully, because it is not a question of if — but when — the company will be attacked. And the next time it is likely to be by a more complex, hidden, difficult to detect threat.

From every attack, we learn. We have gotten better at filling a database repository with information that is correlated to patch and upgrade security devices to attempt to predict and proactively thwart threats, or at least mitigate more quickly if they occur. This is the true benefit of Iterative Intelligence.

Businesses benefit from iterative intelligence that provides predictive and proactive guidance to lessen network downtime. A threat intelligence security services (TISS) provider can offer this guidance and can link data feeds into managed security services and incident response/forensics, which provides further benefit. In these cases, a CISO can rest assured that not only are all possible inputs for human and automated updates applied, but that the inputs will inform their devices in a rapid manner when outsourcing the monitoring and management of their security that this input will inform their devices in a very rapid manner. Finally, in the event of a breach. Engaging a TISS provider put boots on the ground to find the threat more quickly and documents forensic evidence for compliance needs.


This blog is co-authored by Christian Christiansen, Program Vice President, Security Products and Services, IDC


For more information on security trends, read the IDC Whitepaper, sponsored by AT&T:

Christina Richmond Infrastructure Security Services Program Director IDC About Christina