5 best practices for running a successful threat-informed defense in cybersecurity
If you’ve been in cybersecurity for the past five to 10 years, you’ve probably heard the term “threat-informed defense.” Simply stated, a threat-informed defense focuses security teams, technologies, and budgets on the threats most likely to impact a particular organization, given its industry, geography, and the adversaries known to target it.
The concept aligns with the famous (and often referenced) quote from Sun Tzu: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
To put this in cybersecurity terms, security teams need to monitor the tactics, techniques, and procedures (TTPs) of the adversaries that actually target them, map each TTP to the controls that would prevent or detect it, and then close the gaps where a relevant technique has no coverage at all (or only detective coverage where prevention is feasible).
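The mapping step above is easy to describe and easy to get wrong in a spreadsheet, so here is an added example (not code from the original article) that does it mechanically: it takes a set of adversary groups and the techniques each uses, a set of controls and the level of coverage each gives per technique, and ranks the techniques so the ones used by the most groups with the weakest coverage come first. It assumes MITRE ATT&CK technique IDs as the TTP vocabulary, which the article does not name; the IDs used are real ATT&CK identifiers, but the group names, their attributed techniques, and the control coverage are constructed for illustration and are not threat intelligence.

```python
"""Rank adversary TTPs by how badly our controls cover them.

Added example, not from the original article. The ATT&CK technique IDs
are real identifiers (e.g. T1566 is Phishing) but the groups, their
technique lists and the control coverage below are CONSTRUCTED sample data.
"""
from collections import Counter

# Constructed: techniques observed per adversary group we care about.
ADVERSARY_TTPS = {
    "Group A": {"T1566", "T1059", "T1003", "T1021", "T1486"},
    "Group B": {"T1566", "T1078", "T1059", "T1047"},
    "Group C": {"T1078", "T1003", "T1021"},
}

# Constructed: what each control does for a technique. "prevent" outranks
# "detect"; a technique with neither is a gap.
CONTROLS = {
    "email-gateway":    {"T1566": "prevent"},
    "edr":              {"T1059": "detect", "T1047": "detect", "T1003": "detect"},
    "mfa":              {"T1078": "prevent"},
    "app-allowlisting": {"T1059": "prevent"},
}

RANK = {"none": 0, "detect": 1, "prevent": 2}


def technique_prevalence(adversary_ttps):
    """Count how many tracked groups use each technique."""
    counts = Counter()
    for ttps in adversary_ttps.values():
        counts.update(ttps)
    return counts


def best_coverage(controls):
    """Strongest coverage level per technique across all controls.

    A technique covered by EDR (detect) and allowlisting (prevent) is
    recorded as "prevent"; overlapping controls never lower the level.
    """
    best = {}
    for coverage in controls.values():
        for tid, level in coverage.items():
            if RANK[level] > RANK[best.get(tid, "none")]:
                best[tid] = level
    return best


def coverage_report(adversary_ttps, controls):
    """Return [(technique, groups_using_it, coverage)] ordered so the
    weakest-covered, most-used techniques come first."""
    prevalence = technique_prevalence(adversary_ttps)
    best = best_coverage(controls)
    rows = [(tid, n, best.get(tid, "none")) for tid, n in prevalence.items()]
    # Sort key: coverage level ascending, prevalence descending, then ID.
    rows.sort(key=lambda r: (RANK[r[2]], -r[1], r[0]))
    return rows


def gaps(adversary_ttps, controls):
    """Techniques in use by tracked adversaries with no control at all."""
    return [r for r in coverage_report(adversary_ttps, controls) if r[2] == "none"]


if __name__ == "__main__":
    for tid, n, level in coverage_report(ADVERSARY_TTPS, CONTROLS):
        print(f"{tid}  used by {n} group(s)  coverage={level}")
```

With the constructed data, the report puts T1021 (Remote Services, used by two groups, no control) at the top, followed by T1486; the detect-only techniques come next, so the team can see at a glance both the hard gaps and where prevention is still missing. In practice the two input maps would be fed from a threat-intel feed and from control testing or purple-team results rather than typed by hand.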