
Threat Intelligence

What does Threat Intelligence mean?

While greater connectedness, thanks to the Internet of Things and expanding network systems, has made everyone's life easier, this virtual revolution has also brought on a plethora of cyberattacks. Unfortunately, we have witnessed an increase in digital attacks due to the Covid-19 pandemic and remote working.

Gartner describes Threat Intelligence as:

“… evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.” [1]

The six-part cycle to providing a Threat Intelligence Solution

Threat actors, masses of data full of indecipherable information, false alerts, disparate security systems and a shortage of experts are just a few of the challenges the cybersecurity industry finds hard to manage nowadays.

Threat intelligence, however, gives context and can be acted on once it is understood by decision-makers. It is a complete solution resulting from a six-part cycle of data collection, processing and evaluation. Each stage demands a set of questions and the identification of gaps while the intelligence is being developed, which in turn leads to new collection requirements. The best intelligence programs are revised and refined over time.

The first step of this cycle is Planning and Direction, which means asking the correct questions. This is followed by the collection of data from different sources, such as malicious IP addresses, domains and past incident responses, as well as external sources like the dark web. The next parts of the cycle are analysis, dissemination and feedback, as the information gathered is evaluated, processed and distributed to the customers.
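The collection, processing, analysis and dissemination steps described above can be sketched in code. This is an added example, not part of the original article; the feed names, sample indicators, defanging rules and the ranking by number of corroborating sources are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Collection: constructed sample data, as three hypothetical sources might deliver it.
RAW_FEEDS = {
    "incident_response": ["203.0.113.7", "Bad-Domain.example", "10.0.0.5"],
    "external_feed": ["203[.]0[.]113[.]7", "hxxp://bad-domain[.]example/login",
                      "not an indicator"],
    "dark_web_monitoring": ["bad-domain.example", "198.51.100.23"],
}
# Internal ranges are listed explicitly because the sample IPs are documentation
# addresses, which ipaddress.is_global / is_private would also classify as non-public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def normalize(raw):
    """Processing: undo defanging, strip scheme and path; return (type, value) or None."""
    value = raw.strip().lower().replace("[.]", ".")
    value = re.sub(r"^h(?:tt|xx)ps?://", "", value).split("/")[0]
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return ("domain", value) if DOMAIN_RE.match(value) else None
    # Internal or loopback addresses in an external feed would only cause false alerts.
    if ip.is_loopback or any(ip in net for net in RFC1918):
        return None
    return ("ip", str(ip))

def analyze(feeds):
    """Analysis: deduplicate across sources, rank by independent corroboration."""
    seen, rejected = defaultdict(set), []
    for source, items in feeds.items():
        for raw in items:
            indicator = normalize(raw)
            if indicator:
                seen[indicator].add(source)
            else:
                rejected.append((source, raw))  # kept for the feedback step
    return sorted(seen.items(), key=lambda kv: (-len(kv[1]), kv[0])), rejected

def report(ranked):
    """Dissemination: one readable line per indicator for the consumers."""
    return [f"{kind:6} {value:22} sources={len(srcs)} ({', '.join(sorted(srcs))})"
            for (kind, value), srcs in ranked]

if __name__ == "__main__":
    ranked, rejected = analyze(RAW_FEEDS)
    print("\n".join(report(ranked)))
    print("rejected:", rejected)
```

The rejected entries are returned rather than dropped so that noisy sources can be reviewed when collection requirements are revised.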

Three different types of Threat Intelligence

Threat Intelligence can be Strategic, Tactical or Operational.

Strategic Intelligence typically addresses a non-technical audience. Common sources of information for strategic threat intelligence include policy documents, news, white papers and research reports.

It also involves expertise outside the cybersecurity field, such as the business and socio-political fields.

Tactical Threat Intelligence usually delineates the tactics, techniques and procedures of the attackers. It includes a technical context and requires the skills of system architects, administrators and security staff. Information in reports includes the attack vectors and tools threat actors might be exploiting.

Operational Intelligence addresses knowledge of specific attacks and campaigns. This is also referred to as technical threat intelligence and is difficult to gather, as it requires breaking through private or encrypted channels and sources like chat rooms and social media, as well as codenames.

Machine-learning processes for automated data collection can be the solution to overcome such issues.

Who Could Benefit from Threat Intelligence?

Cyber Threat Intelligence can be beneficial to government entities, from senior executives and senior-ranking police members to policy officers, not to mention those in the cyber field themselves. It gives insight into cyber threats and permits a more targeted reaction and response. [2]

[1] https://www.recordedfuture.com/threat-intelligence/

[2] https://www.cisecurity.org/blog/what-is-cyber-threat-intelligence/