Platforms such as Mandiant, Recorded Future, and CrowdStrike Falcon Intelligence promise to provide information about the current threat situation in near real time. Many of these tools deliver comprehensive reports and are used by numerous organizations.

But here’s the problem:
The flood of information is often so great that it simply overwhelms experts and decision-makers.
In larger organizations in particular, there is a lack of granularity—for example, when it comes to filtering information specifically by business area or location.

What’s more, organizations often don’t know exactly what their crown jewels are. Which data, systems, or processes are truly critical? What protection requirements exist in terms of confidentiality, integrity, and availability (CIA)?

Without this context, even the most modern threat portals become part of security theater—they convey a sense of security where there is none.

What organizations really need:

  • Clarity about valuable assets and their protection requirements
  • A complete register of IT systems and other valuable assets
  • Meaningful reports tailored to the organization’s own context, instead of standardized portals that flood it with data

I see it time and time again: expensive tools are purchased, but there is a lack of responsibility and goal setting. The result is what I call “collective irresponsibility”:

Everyone knows the URL of the portal, but no one feels responsible for dealing with it, using the information sensibly, or formulating requirements.

How can it be that organizations spend 6 or 7 figures on threat management platforms without any real added value?
