EclecticIQ

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Six Steps to Guide Your CTI Maturity Journey

As discussed in our previous blog, the PoG (see Figure 1) illustrates a progression from responsive to pre-emptive CTI operations. To illustrate how an organization might position itself on the pyramid, the SANS Institute found that "Many respondents [to the 2022 CTI survey] this year are newer CTI organizations who are just developing their capabilities." [1] Indeed, SANS found that these organizations had minimal development of intelligence requirements, reactive integration of CTI into their security controls, and a focus on collecting and passing on IOCs. This level of capability places the organization in the bottom tier of the pyramid.

pog2

Figure 1 - Metrics for CTI maturity (click the image to zoom in)

As SANS stated, "CTI and IR coordination is a critical part of an overall cybersecurity program, but it takes some time to build both the processes and trust that facilitate robust collaboration." [2] In other words, it takes time to move up the pyramid and shift from supporting operational CTI stakeholders (e.g., SOC team) to more-tactical stakeholders (e.g., incident management and threat hunting).

How does a spider climb a pyramid?

An issue that affects most organizations that EclecticIQ works with is variation in capability scores. For example, you may have a superstar threat analysis, sourcing, and sharing operation (i.e., Stage 4), yet your stakeholder management and integration capabilities are sorely lacking (i.e., Stage 2). Despite your fantastic CTI team performance, the inability to align your threat analysis to the needs of your business means, overall, you are still at the bottom tier of the pyramid.

For this reason, we recommend that you move up the pyramid by improving all capabilities simultaneously. We acknowledge that this is difficult, but your CTI operation is only as good as its weakest capability.

6 recommendations to guide your journey

Based on our work with some of the most heavily targeted organizations in the world, EclecticIQ recommends 6 steps to leverage the PoG:

  1. Get started now! Building out your CTI practice requires a balance between implementing threat intelligence management before engaging stakeholders and engaging all stakeholders before starting to process threat data.

  2. PIRs continually change. As you mature, the best option is to continually update your intelligence requirements based on feedback as you advance your CTI capabilities. For more detail on this approach, please see our white paper, "Building a CTI Practice."

  3. Manage your climb. We recommend raising maturity yearly by at most two stages on the five-stage scale for each capability. To ensure you gain sufficient experience to operate effectively at each improved level, allow time to measure results, and then realign and plan accordingly.

  4. Report, report, report. Reporting and feedback between the CTI team and its stakeholders occur at all levels of the PoG. It's insufficient to focus on reporting to your CISO, risk management team, and executives only. Your CTI team must engage in feedback loops with all operational, tactical, and strategic stakeholders.

  5. Add effectiveness metrics. You must focus on effectiveness metrics in addition to performance metrics. Yet, it is critical to keep the work's complexity distinct from the metric's complexity. For example, producing an actionable report with the right content, context, and confidence at the right time for your executives is difficult. An effectiveness metric that tracks the number of these actionable reports and the distribution across your stakeholder base is easy to implement.

  6. Power your move up the PoG. Threat intelligence platform (TIP) technologies help you solve common implementation and improvement challenges regarding CTI capabilities. TIPs provide an easy way of bootstrapping core workflows and processes as part of a successful threat management practice. Please review our TIP Buyer's Guide for more information on adopting a TIP to support your CTI maturity progression and accelerate your climb to the top of the pyramid.

Completing your internal CTI maturity assessment and following these six steps will put your organization on the path from responsive to pre-emptive CTI operations.

Reference

[1,2] SANS 2022 CTI Survey

Start your journey today!

Take our 5-min online assessment to find out how mature your CTI practice currently is. You will also get our CTI maturity template to help you and your stakeholders create a straightforward action plan covering your future maturity goals, the actions needed to get there, and the metrics required to measure the outcomes.

Assess your CTI maturity
© 2014 – 2024 EclecticIQ B.V.
EclecticIQ. Intelligence, Automation, Collaboration.
Get demo