Cyber Threat Intelligence

Threat intelligence solutions gather raw data about emerging or existing threat actors and threats from a number of sources. This data is then analyzed and filtered to produce threat intel feeds and management reports that contain information that can be used by automated security control solutions. The primary purpose of this type of security is to keep organizations informed of the risks of advanced persistent threats, zero-day threats and exploits, and how to protect against them.

The key mission of cyber threat intelligence is to research and analyze trends and technical developments in three areas:

  • Cybercrime
  • Hacktivism
  • Cyberespionage (advanced persistent threat, APT, or cyber spying)

Benefits of tactical cyber intelligence:

✓ Provides context and relevance to a large amount of data
✓ Empowers organizations to develop a proactive cybersecurity posture and to bolster overall risk management policies
✓ Informs better decision-making during and following the detection of a cyber intrusion
✓ Drives momentum toward a cybersecurity posture that is predictive, not just reactive
✓ Enables improved detection of advanced threats

Challenges and Controversies on the value of cyber threat intelligence:

Cyber threat intelligence research also faces challenges, including controversy over the value of threat intelligence and whether it really works. Different experts have voiced concerns about whether threat intelligence is really effective in its current state. Conversely, others have argued that threat intelligence can help identify vulnerabilities and ways to resolve them.

Key Elements:

Cyber threat data or information with the following key elements is considered cyber threat intelligence:

  • Evidence based: cyber threat evidence may be obtained from malware analysis to be sure the threat is valid
  • Utility: the intelligence needs to have some utility for the organization, so that it has a positive impact on security incidents
  • Actionable: the gained cyber threat intelligence should drive security control action, not only data or information