Chapter 10. Strategic Intelligence
âOur products have become so specific, so tactical even, that our thinking has become tactical. Weâre losing our strategic edge because weâre so focused on todayâs issues.â
John G. Heidenrich
Every once in while, an incident responder will start an investigation with a prickling sensation in the back of his mind. Some call it a premonition, some call it deja vu, but as the investigation unwinds, it will inevitably hit him: he has done this before. This. Exact. Same. Investigation.
Whether it was a month ago or a year ago, incident responders find themselves dealing with the same situation manifesting itself in the same way. The same vulnerabilities, the same lateral movement, maybe even the exact same stolen or reused passwords. At this point, many find themselves shaking their fists at the sky, asking how this could have happened. Didnât we learn from the last time? Didnât we fix the problems? And unfortunately, the answer is often no. When the last incident was resolved, there were other things to worry about, other problems requiring the attention of everyone from the IT manager to the CIO, and since the problem had been âresolved,â there was no more time to spend thinking about it. Lessons were not learned, and although some small changes may have been made, there was no lasting impact on the security of the organization because new, urgent problems took priority.
There is a misconception about strategic intelligence that ...
Get Intelligence-Driven Incident Response now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
