Cyber Threat Intell...
 
Notifications
Clear all

Cyber Threat Intelligence RFP

8 Posts
6 Users
0 Likes
852 Views
(@michelle007)
Posts: 14
Active Member
Topic starter
 

Dear all,

Our Bank's Incident response team going to avail Cyber Threat Intelligence (CTI) premium service and requested to create RFP for CTI. can anyone share sample RFP for CTI

 
Posted : 12/08/2017 11:33 pm
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

Brilliant.

Yet another organisation that has jumped upon the CTI bandwagon and are trying to position themselves selling premium services in a field they haven't got a clue how to deliver any value to potential customers.

Good luck with that.

 
Posted : 13/08/2017 2:36 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

CTI usually comes from any Cyber Threat Alliance CTA or an IT security vendor's big database like Wildfire (PAN). But only locally 'collected' CTI is useless. The picture is too tiny. It seems that internal incident teams search for more self-legitimation to fill their 24x7 presence.

All-in-all worthless.

 
Posted : 13/08/2017 8:41 pm
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

CTI usually comes from any Cyber Threat Alliance CTA or an IT security vendor's big database like Wildfire (PAN). But only locally 'collected' CTI is useless. The picture is too tiny. It seems that internal incident teams search for more self-legitimation to fill their 24x7 presence.

All-in-all worthless.

It's not that, its that some people who do IR think they can throw up a CTI team and start delivering in a month or so just with a bunch of papers. It's WAY more complex than indicators. procedures and a bunch of reports.

There is also nothing called "local CTI", unless the I stands for indicators, and just subscribing to external sources and flooding oneself with indicators really don't help that much. I've been to interviews to a few IR positions at SOCs and most of them cannot tell CTI from their own a*s.

 
Posted : 14/08/2017 4:48 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Absolutely. CTI as a Service is suboptimal as only internal IT teams really know their vulns and can define with their Sales and Mgmt their specific attack vectors. Dividing the company into zones differently leveled by risk helps to fight against targeted APTs. People not understanding lateral movement or credentials steeling together with no Forensic Readyness concepts are not close enough. CTI as a Service I would never outsource. DIY and sharpen your people's awareness with technical countermeasures to improve IT security.

 
Posted : 14/08/2017 12:54 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Dear all,

Our Bank's Incident response team going to avail Cyber Threat Intelligence (CTI) premium service and requested to create RFP for CTI. can anyone share sample RFP for CTI

Some quick Google-ification turned up

http//www.rfpdb.com/view/document/name/IT-SECURITY-THREAT-ANALYSIS_2016_S_024%7CIT%7CSEC%7CTHREAT%7CANALYSIS

https://www.merx.com/English/SUPPLIER_Menu.asp?WCE=Show&TAB=1&PORTAL=MERX&State=7&id=264629&print=Y&src=osr&ForceLID=&HID=&hcode=Jrc1MmTxldKqpyQHFyTnYQ%3D%3D

 
Posted : 15/08/2017 5:37 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Some quick Google-ification turned up

http//www.rfpdb.com/view/document/name/IT-SECURITY-THREAT-ANALYSIS_2016_S_024%7CIT%7CSEC%7CTHREAT%7CANALYSIS

I suspect that this is a good example of how the Government (in this case the US, but I guess can apply everywhere) works (or completely fails to).
4th line of the document

Type RFP

First paragraph

THIS IS A SOURCES SOUGHT ANNOUNCEMENT ONLY TO PRE-QUALIFY VENDORS. THERE IS NO SOLICITATION AVAILABLE AT THIS TIME. THIS IS NOT A FORMAL REQUEST FOR PROPOSAL.

Beginning of last paragraph

THIS IS NOT A REQUEST FOR PROPOSAL.

😯

It's a RFP, but no, it is in not a formal one, but no it is not a RFP at all….
D

jaclaz

 
Posted : 15/08/2017 8:51 pm
pbobby
(@pbobby)
Posts: 239
Estimable Member
 

Brilliant.

Yet another organisation that has jumped upon the CTI bandwagon and are trying to position themselves selling premium services in a field they haven't got a clue how to deliver any value to potential customers.

Good luck with that.

She wants RFP assistance in purchasing CTI assistance, not making a CTI organization.

 
Posted : 17/08/2017 6:43 pm
Share: