Sun Tzu and Threat Intelligence

Military general and philosopher Sun Tzu once led the largest armies in the world and authored The Art of War. The book is still considered a masterpiece of tactical warfare and remains very relevant as we wage our battles against evolving cyberattacks. While threat intelligence is a relatively new discipline in our cyber defence processes, the practice itself has been around for over 2,500 years.

Threat intelligence was central to Sun Tzu’s winning strategies. It is also foundational to our success today as our security approaches continue to evolve, most recently with Extended Detection and Response (XDR) solutions.

Most cybersecurity professionals are familiar with this widely referenced quote by Sun Tzu: “If you know others and know yourself, you will not be beaten in one hundred battles. If you do not know others but know yourself, you will win one and lose one. If you do not know others and do not know yourself, you will be beaten in every single battle.”

According to Sun Tzu, the first step in awareness is information gathering. It includes information about yourself – your assets, priorities, strengths and vulnerabilities. You must also know your enemy – who and where they are, their size, the types of weapons they use, their motivation, and their tactics and techniques. This information drives basic decisions – is this a threat or not, should we fight or flee, and what actions should we take?

Then comes the most important step – calculations. As Sun Tzu said, “The general who wins a battle makes many calculations before and during the battle. The general who loses makes hardly any calculations. This is why many calculations lead to victory and few calculations lead to defeat.”

We should not act on the basis of raw data. Instead, we need information gained by examining the data for relevance, priority and other situational information. On the battlefield, this includes terrain and weather conditions. The goal is to apply context to data to have the right information at the right place and time.

From The Shadows Emerges Knowledge