CREST Guide to selecting the right cyber threat intelligence partner

The CREST Threat Intelligence Professionals (CTIPs) group has released a guide to finding the right Cyber Threat Intelligence (CTI) partner for different businesses.  The free guide helps organisations to get the most out of CTI to better meet their security challenges, minimise the impact of cyber-attacks and maximise the return on investment.

The first step to finding the right CTI partner must be to understand the business that needs to be protected. The guide breaks this down into examining products and services, affiliated sectors, geographic footfall, social-political support and business strategy and mission.

We recognised that there was very little meaningful guidance to help CIOs and CXOs select a CTI provider for their business,” explained Oliver Church, Chair of the CTIPs group.  “CTI shouldn’t just be a tick box compliance exercise. When it is implemented properly and with the right partner, CTI is a powerful tool that can transform your security posture from reactive to proactive and stop attacks before they happen.”

Once clear on the business needs, the next step is to identify and analyse capability gaps.  The CREST guide provides actions that help businesses to highlight and report on these gaps; for example, by examining past incidents against the business or its peers.  It also suggests using the CREST Cyber Threat Intelligence Maturity Assessment Tools, free diagnostic tools developed by CTIPs.

After the cyber threat profile and capability gaps have been identified, the problem needs to be broken down into a set of intelligence requirements, prioritised by business needs.  These Priority Intelligence Requirements (PIRs) must be frequently reviewed to ensure they are always relevant to the business.

It is important next to examine the CTI solutions available and establish how they can help solve challenges the business is facing.  CREST researchers have conducted an open-source research exercise on 100 CTI vendors from around the world and also provide a list of common components in a CTI solution, to help with the selection process.  The final step covered in the guide is how to carry out a full vendor assessment, based on a list of functional and non-functional requirements.

You can download a copy of the guide below:
Cyber Threat Intelligence in a business context

The guide was written to help anyone looking to procure CTI services,” said Oliver Church.  “There are no hard and fast rules because all businesses are unique but if they follow the steps outlined, it should go a long way to help find the right partners to work with.  The end of the guide also provides a useful scenario that illustrates how all the points come together into a cohesive approach to CTI procurement.”