Showing posts from July, 2015

Good article

http://www.securityweek.com/too-busy-round-wheels Good article reminding us all that running a SOC is hard work: it takes effort and planning, does not happen by accident, and requires skilled staff, processes, tools, and management who understand the objective and can provide the political cover to make sure the mission is achieved. Plenty more to be said on this issue. Building Incident Response Programs is something I do a lot professionally, so I'll write on this soon.

Developing Internal Threat Intelligence - practical ways to get smarter about how you secure your environment

To those in the US - Happy Independence Day! So today's topic is on some of the starting points of building a Threat Intelligence function for your internal Security team. First, a couple of words on what this is, and is not, about. Often in the work I do, people ask "So do I need Threat Intel?" or "Do I need to spend $$ on XYZ corp's threat intel feed/software/etc." Every organization is different, but all organizations can benefit from being aware of threats. That does not directly translate to a product though. While some more mature organizations, or environments with an extensive Security Operations Center, can probably leverage an external threat feed, you will probably get more direct value from looking for anomalies, trends, and other internal indicators of 'evil'. Here is an article by Digital Guardian that gives some very good starting examples, about mining your own internal DNS for potential issues. https://digitalguardian.com/blog/know-
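As an added example (not from this post or the linked Digital Guardian article), here is a small Python pass over constructed internal resolver log lines that surfaces the kind of internal indicator the post points to: a client with an unusually high NXDOMAIN ratio, or a burst of distinct subdomains under one registered domain. The log format, the hosts and names, the "tunnel-demo.test" domain and the thresholds are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of an internal resolver log (assumed format:
# timestamp client qname rcode). Hosts and names are made up for this example.
SAMPLE_LOG = """\
2015-07-04T09:00:01 10.0.0.5 intranet.example.internal NOERROR
2015-07-04T09:00:02 10.0.0.5 mail.example.internal NOERROR
2015-07-04T09:00:03 10.0.0.9 www.example.com NOERROR
2015-07-04T09:00:04 10.0.0.9 cdn.example.com NOERROR
2015-07-04T09:00:05 10.0.0.7 x7k2p9.tunnel-demo.test NXDOMAIN
2015-07-04T09:00:06 10.0.0.7 qz81mm.tunnel-demo.test NXDOMAIN
2015-07-04T09:00:07 10.0.0.7 a93kd0.tunnel-demo.test NXDOMAIN
2015-07-04T09:00:08 10.0.0.7 b1c4e5.tunnel-demo.test NXDOMAIN
2015-07-04T09:00:09 10.0.0.7 zz0v2t.tunnel-demo.test NOERROR
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_log(text):
    """Return (client, qname, rcode) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _, client, qname, rcode = m.groups()
            records.append((client, qname.lower().rstrip("."), rcode.upper()))
    return records

def registered_domain(qname):
    """Naive split on the last two labels (assumes no multi-label public suffixes)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname

def find_anomalies(records, min_queries=4, nx_ratio=0.5, max_unique_subs=4):
    """Flag clients with a high NXDOMAIN ratio or many distinct names under one domain."""
    totals, nxdomains = Counter(), Counter()
    subs = defaultdict(lambda: defaultdict(set))  # client -> domain -> {qnames}
    for client, qname, rcode in records:
        totals[client] += 1
        if rcode == "NXDOMAIN":
            nxdomains[client] += 1
        domain = registered_domain(qname)
        if qname != domain:
            subs[client][domain].add(qname)
    findings = defaultdict(list)
    for client, n in totals.items():
        if n >= min_queries and nxdomains[client] / n >= nx_ratio:
            findings[client].append(("high_nxdomain_ratio", round(nxdomains[client] / n, 2)))
        for domain, names in subs[client].items():
            if len(names) >= max_unique_subs:
                findings[client].append(("many_unique_subdomains", domain, len(names)))
    return dict(findings)  # e.g. {"10.0.0.7": [...]} for the sample above
```

Thresholds like these need tuning against your own baseline; the point is that the signal comes from your own resolver data rather than an external feed.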