A common complaint among threat intelligence analysts is the near impossibility of searching global threat intelligence feeds to find the specific threat and vulnerability information that matters to their organization. This complaint is just the tip of the iceberg. The larger, underlying problem facing security teams is the general lack of visibility and context across all internal files and objects that enter and then move about, stay resident, and or leave their corporate environments. Having more visibility and greater understanding of these files and objects would add critical decision-making context to internal risks, vulnerabilities, and threats. It would also make global threat intelligence more actionable. This lack of context presents itself to SOC teams as an absence of in-depth knowledge about incidents, and to hunting teams as too few clues to build-out useful hunting hypotheses. This paper will discuss in detail a path to closing the visibility gap through a unique, new local threat intelligence infrastructure.
