Infosec 2014: Word document threat intelligence not good enough - Santander

Threat intelligence providers that send their reports as Word documents are not doing their job properly, says head of operational risk unit

Threat intelligence providers that pass on Word documents which detail what an organisation's threats are and how it can best tackle them are most likely not good enough, according to Santander's head of operational risk unit, Michael Paisley.

Speaking at a panel session at Infosecurity Europe 2014 in Earl's Court today, Paisley urged firms not to believe everything a commercial threat intelligence provider says that it can do.

"It's not that they're all bad, but you have to filter which ones are good," he said.

He went on to explain that if the firm is receiving Word documents from their threat intelligence provider, then the provider isn't doing the work that they're paid to do.

"It is an indicator that they are not really going through a process themselves, they're simply giving you raw data, and that's not what you want from a commercial intelligence provider."

The panel session focused on actionable intelligence, and the panellists were keen to point out that both technology and people were important in order to receive and act on intelligence.

Barclays' global head of attack monitoring, Jeorg Weber, urged firms to make sure technology wasn't a problem.

"You get a lot of tools where you have information and you can't action it, so that's the first thing you need to discover. Then you have to ask whether you have a commitment from senior staff to actually work on the information that you receive," he said.

Santander's Paisley said that the critical point is being able to "notice the signal amongst all of the noise", but that this has to relate to the core function of the organisation as there is no point collecting data for the sake of it.