WHY DOES THIS GUIDE EXIST?
Recent years have witnessed growing awareness of the benefits offered by a “threat-informed” approach to defense. Most notably, orienting towards the relatively narrower range of possible adversary behaviors gives defenders far more focus than trying to “boil the ocean” by, for example, patching each newly reported vulnerability.1 While growing awareness is an extremely welcome trend, defenders continue to face common practical obstacles to implementing threat-informed defense. Most prominently, too many threats exist in today’s landscape for any single team to reliably track and defend against every one.
The concept of threat profiling offers the potential for threat prioritization, but even when security leaders choose to pursue it, misconceptions over its validity and utility and the lack of a clear and repeatable approach to profiling – as it relates to organization-wide threats – have all hampered its adoption. Even when teams do take steps to prioritize threats, efforts are often prolonged (in many cases indefinitely) or are impeded by a need for deep intelligence subject matter expertise.
If you are entirely new to the threat profiling discipline and the value of threat prioritization, start with the full introduction presented in Chapter 1. More background on the factors that have traditionally hampered threat profiling’s adoption can be found in Chapter 2. Readers will find the core content of this resource, Tidal’s recommended approach to threat profiling and how this approach addresses existing profiling obstacles, in Chapter 3.