Defining Security Intelligence

Several years ago, Q1 Labs (now part of IBM Security) introduced the term “Security Intelligence” to describe the value organizations can gain from their security data by treating this information like they do the outputs produced from other business functions.

We always hoped it would catch on, and it certainly has!  Lately, we’re seeing this term being used more and more by customers, vendors, pundits and industry experts-  but what’s interesting is how no one seems to be describing the same concept.

To avoid confusion, I thought it was about time we post our definition, and open this up to your thoughts and comments.  So here it is.

Definition of Security Intelligence

Security Intelligence (SI) is the real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise. The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.