How to Evaluate Your ICS/OT Threat Intelligence Providers

Four Key Traits to Assess Intel Quality: Completeness, Accuracy, Relevance & Timeliness

Threat intelligence supports secure industrial operations in three key ways:

1. It helps to reduce cybersecurity risk while allowing industrial control systems (ICS) and operational technology (OT) asset owners to prioritize security investments.
2. It reduces the adversary dwell time inside OT environments.
3. It reduces the time to restore safe and secure operations after a cyber event – in other words, mean time to recovery.

But not all ICS/OT threat intelligence is created equal. When threat intelligence is incomplete, inaccurate, irrelevant, or stale it can often do more harm than good.

Bad threat intelligence wastes staff resources by making security analysts chase down information to fill in the blanks or verify spotty reports. It distracts analysts and operators with threats that don’t really impact their organization’s core risk posture. And it leads to poor security decisions, sometimes spurring action that has worse consequences than the threats themselves.

Unfortunately, all intelligence providers make mistakes. The objective should be to pick providers that consistently produce more good intelligence than bad over the long term. Download this whitepaper to determine how critical infrastructure organizations can periodically assess intel providers for performance over time.