2,500 years of threat intelligence and its value continues to grow

Anthony Perridge, VP International at ThreatQuotient discusses how threat intelligence has evolved to form an essential aspect of modern-day cybersecurity. By harking back to the practices of our ancestors, today’s threat hunters can take inspiration about evaluating threat data to maximize the best possible decisions.
Anthony Perridge, VP International at ThreatQuotient discusses how threat intelligence has evolved to form an essential aspect of modern-day cybersecurity. By harking back to the practices of our ancestors, today’s threat hunters can take inspiration about evaluating threat data to maximize the best possible decisions.

Military general and philosopher Sun Tzu once led the largest armies in the world and authored The Art of War, still considered a masterpiece of tactical warfare and very relevant as we wage our battles against evolving cyberattacks. That’s because even though threat intelligence is a relatively new discipline in our cyber defence processes, it has actually been around for more than 2,500 years. Threat intelligence was central to Sun Tzu’s winning strategies, and it is foundational to our success today as our security approaches continue to evolve, most recently with Extended Detection and Response (XDR) solutions.

Most cybersecurity professionals are familiar with this widely referenced quote by Sun Tzu: “If you know others and know yourself, you will not be beaten in one hundred battles. If you do not know others but know yourself, you will win one and lose one. If you do not know others and do not know yourself, you will be beaten in every single battle.”

According to Sun Tzu, the first step in awareness is information gathering. This includes information about yourself – your assets, priorities, strengths and vulnerabilities. You must also know your enemy – who and where they are, their size, the types of weapons they use, their motivation, and their tactics and techniques. This information drives basic decisions – is this a threat or not, should we fight or flee, and what actions should we take? Then comes the most important step – calculations. As Sun Tzu said, “The general who wins a battle makes many calculations before and during the battle. The general who loses makes hardly any calculations. This is why many calculations lead to victory and few calculations lead to defeat.” We should not act on the basis of raw data, but rather on information gained by examining the data for relevance, priority and other situational information, which on the battlefield includes terrain and weather conditions. The goal is to apply context to data, so you have the right information at the right place and time. 

Parallels with The Art of War and the XDR process

Relating this process to XDR, we see close parallels. Gathering information from different disparate internal and external sources and domains is the “extended” part. The distribution or dissemination of information across your security infrastructure is the “detection and response” part. Finally, calculations involve converting raw data into relevant intelligence and this is the basis for responding efficiently and effectively to a given situation. 

To accomplish this, what’s needed is a data-driven security operations platform that allows you to extend capacity to consume and manage data, be it internal or external, structured, or unstructured. A lot of valuable data you get from third parties is trapped within their technologies, so the platform must be based on an open architecture, where integrations are broad and deep to help you unlock that valuable resource as well. Having aggregated and normalized all that data, the platform then must be able to correlate the data and apply context so you can prioritize and filter out noise. 

Ultimately, you want to be able to operationalize the data and take the right action. So, the platform must translate that curated, prioritized data for export, allowing for data flow across the infrastructure to quickly activate defence technologies and teams. Closing the loop, the platform also captures and stores data from the response for learning and improvement. And remember, all of this happens at speed and scale, so automation is key — allowing you to act efficiently for comprehensive response.

Threat intelligence best practices to enable XDR 

For organizations considering XDR, or that have already embraced XDR, the following best practices will help you leverage threat intelligence to derive more value. 

  • Use data from all sources: Integration is a core competency to enable XDR because organizations are not starting with a clean slate but have dozens of technologies, feeds and third-party data sources across departments and teams. Allowing for strong integration and interoperability with all systems and data sources, internal and external, enables you to leverage threat data. Displaying a wealth of contextualized data via a common work surface enables teams to apply it to understand the threats they are facing to reach the goal of extended detection and response across the infrastructure and across all attack vectors.
  • Use data to focus efforts: Prioritization should be automated but under the control of the security team. Filtering out noise (false positives and information that is irrelevant) using parameters you set ensures prioritization is based on risk to your organization. Analysts can focus on threats that matter most instead of spending time chasing ghosts. Feedback and results should be continuously captured, stored, and used to improve security operations.
  • Use data to drive response: The most effective way to empower teams is to apply automation to repetitive, low-risk, time-consuming tasks, and recognize that the need for human analysis remains. Irregular, high-impact, time-sensitive investigations are best led by a human analyst with automation simply augmenting the work. A balance between human and machine ensures that teams always have the best tool for the job, and a data-driven approach to both improves the speed and thoroughness of the work.
READ MORE:

XDR is gaining a lot of traction. But in order for it to deliver as promised, we need to heed Sun Tzu and start with a data-driven approach. Threat intelligence was critical to success on the battlefield then, and it is critical to success on the cyber battlefield today. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Anthony Perridge

Anthony is the VP international, EMEA at ThreatQuotient, a company dedicated to revolutionising cyber defence capabilities by building analyst-driven applications, helping organisations manage threat intelligence and therefore defending against sophisticated cyber attacks. Prior to joining ThreatQuotient, Anthony worked as Sourcefire’s EMEA Sales and Channel Director.

TPIs are the Future of Energy Solutions

David Sheldrake SVP POWWR • 19th June 2025

The energy industry is undergoing a transformation, and Third-Party Intermediaries (TPIs), those brokers and consultants who help businesses procure energy, are at the centre of it. With growing complexity, increasing regulation, and evolving customer expectations, the role of TPIs is shifting from price-focused brokers to strategic energy advisors. While renewable energy adoption continues to reshape...

Quick Commerce and the Retail Media Revolution

Sue Azari • 11th June 2025

Quick commerce has transformed the way consumers shop, redefining convenience with near-instant delivery of groceries, meals, and household essentials. However, beyond its impact on logistics and e-commerce, quick commerce is now emerging as a major force in digital advertising. As consumer behaviours shift toward on-demand purchases, these platforms are leveraging their vast first-party data and...

Is It Time for a VMware Alternative?

Wind River • 22nd May 2025

Companies have options when it comes to replacing VMware as their cloud platform, to address rising costs, support concerns, and a shrinking partner ecosystem. If you are ready to contemplate a different vendor, here are five reasons why Wind River Cloud Platform should be on your short list of VMware alternatives.

AI Leads as VivaTech Unveils Top 100 Startups

Viva Technology • 14th May 2025

Viva Technology has unveiled the first edition of its “Top 100 Rising European Startups for 2025,” spotlighting the most promising young companies shaping Europe’s tech future. Germany, France, and the UK lead the ranking, which highlights high-growth startups across 13 countries. Artificial intelligence dominates the list, with 15 companies spanning AI agents, models, and infrastructure....

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...