The bedrock of a solid enterprise security program is choosing an appropriate threat intelligence platform (TIP) and then using it to design the rest of your program. Without the TIP, most security departments have no way to integrate the various component tools and develop the appropriate tactics and processes to defend their networks, servers, applications and endpoints.
What is newsworthy is that the threat universe has gotten a lot more complex and focused. For example, the Verizon VDBIR found that threats aimed at VPN and edge devices have surged to more than eight times what was reported last year.
The early TIPs were very unsophisticated products, often just cobbled-together intelligence feeds of the latest exploits, with little or no detail. Today's TIP has much richer information, including underlying complexities and specifics about how the threat operates. I talk about what some of these are in my latest post for CSOonline, along with short summaries of several TIPs from Bitsight, Cyware, Greynoise, Kela, Palo Alto Networks, Recorded Future, SilentPush and SOCRadar.