BAE Systems has made a series of bold predictions about the future of threat intelligence. Russell Kempley, BAE's head of technical services for the EMEA region, gave a talk today at IPExpo, titled "The Future of Threat intelligence: how you ingest, analyse and act on threat intelligence?"
Kempley started with a rough sketch of the current threat environment.
Threat Intelligence is the collection of knowledge and information in order to better anticipate threats or deal with them in real time. Everybody, Kempley says, uses threat intelligence in one way or another; whether it's watching the news, word of mouth or something else.
In cyber-security, however, the situation is ramped up. In an ideal situation, cyber-security professionals should have "the right intelligence at the right time". What we're striving for, says Kempley, is "threat intelligence everywhere it can help," at "the moment its needed," with "a minimum of effort".
It is and always will be an uphill battle. But, we can learn from the fact that state intelligence has been doing threat intelligence for hundreds of years and is always dissatisfied with its capabilities. The final point of perfection may never be reached, but that doesn't mean we shouldn't keep striving for it.
Kempley predicts that the future will see a split forming in how organisations and companies use threat intelligence. Some will not have the need for round-the-clock comprehensive access to threat intelligence; those who think it's not core to their business, says Kempley, will get their threat intelligence indirectly through vendors. The advantage of this is, of course, that the vendor can share intelligence across their customer base.
Those who do feel the need for a more hands-on approach will opt for direct access to threat intelligence and develop comprehensive in-house capabilities.
The way we pay for threat intelligence is also due to change, says Kempley. He thinks that a model will develop "where you pay for intelligence at point of use".
Much like Google Adwords, this will cleanly align threat intelligence purchasing with the "when you need it, where you need it, as you need it" ideal.