Security Intelligence
Academically, Security Intelligence refers to
- gathering,
- analyzing,
- and interpreting data
to identify, prevent, and respond to potential security threats.
In practical terms, monitoring various information sources, such as internal logs, external threat databases, and even news and other activity, lets us detect indicators of compromise (IOCs) or vulnerabilities.
With the collected information in hand, advanced technologies like artificial intelligence (AI), machine learning (ML) and data analytics let us turn it into knowledge and even predict risks in real time.
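As an added illustration of the monitoring step described above (not code from the original page), the script below correlates internal web-server log lines with an external IOC feed; both the feed and the log lines are constructed sample data, and the field layout assumes a combined-log-like format.

```python
import re
from collections import Counter

# Constructed external threat feed (hypothetical); addresses are RFC 5737 documentation ranges.
IOC_FEED = {
    "203.0.113.45": "credential-stuffing source reported by partner feed",
    "198.51.100.7": "scanner flagged by external threat database",
    "evil-update.example": "phishing domain from public blocklist",
}

# Constructed internal web-server log lines (combined-log-like format).
SAMPLE_LOGS = """\
203.0.113.45 - - [10/May/2024:10:01:02 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.10 - - [10/May/2024:10:01:05 +0000] "GET /account HTTP/1.1" 200 2048
203.0.113.45 - - [10/May/2024:10:01:07 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.11 - - [10/May/2024:10:02:00 +0000] "GET /dl?u=http://evil-update.example/x HTTP/1.1" 302 0
198.51.100.7 - - [10/May/2024:10:03:00 +0000] "GET /.env HTTP/1.1" 404 0
not a log line at all
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None  # None for malformed lines

def find_iocs(entry):
    """Return feed indicators present in a parsed entry (client IP or request)."""
    hits = [entry["ip"]] if entry["ip"] in IOC_FEED else []
    # Domain indicators usually show up inside the request line (URL parameters).
    hits += [i for i in IOC_FEED if i != entry["ip"] and i in entry["req"]]
    return hits

def scan_logs(text):
    """Correlate every log line with the feed; return (ip, ts, indicator, why)."""
    alerts = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # malformed lines are skipped, never silently matched
        for ind in find_iocs(entry):
            alerts.append((entry["ip"], entry["ts"], ind, IOC_FEED[ind]))
    return alerts

def summarize(alerts):
    """Count alerts per indicator so an analyst can prioritise follow-up."""
    return Counter(a[2] for a in alerts)
```

Running `scan_logs(SAMPLE_LOGS)` flags four lines (two repeated failed logins from the listed address, one redirect to the phishing domain, one scanner probe); `summarize` turns those into per-indicator counts for triage.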
You can read about my experience creating a system to detect web page abuse in real time in online banking here (Predictive of abuses and attacks to protect online banking web page).
Of course, it's not just a matter of tools; it's a matter of experts and skilled analysts who can interpret the data and automate both the process and the response to threats.
In this article (Cyber Intelligence: a practical case from UBS-Twint security weakness), I describe an inappropriate Security Intelligence, unable to detect and protect the clients of a payment platform from an emerging security threat arising from an AirEuropa data security breach (a security breach in one corporation affects others; this is an important key that Security Intelligence adds to traditional InfoSec).