Just because an org has deployed a SIEM or uses a SIEM service from an MSSP / SOC vendor does not mean that threat intelligence (TI) has been implemented.
As the article linked below explains, TI sits a level above log aggregation and correlation.
https://securityintelligence.com/how-stix-taxii-and-cybox-can-help-with-standardizing-threat-information/
As always, budget, available resources, technical skill-sets, industry, and jurisdiction will all be factors in the feasibility of onboarding a TI program.
If you want to keep yourself updated with cyber-related news and improve threat detection and data ingestion through advanced integration options with SIEM tools and security products and several STIX/TAXII platforms, then visit Cyware.