Cyber Threat Intelligence Part 1 — Quick Introduction to Cyber Threat Intelligence
Cyber threat intelligence is the practice of analyzing and understanding the threats, risks, and vulnerabilities associated with computer systems, networks, and digital assets. It involves collecting, analyzing, and disseminating information about potential cyber threats, including the tactics, techniques, and procedures (TTPs) used by threat actors, their motivations, and their capabilities.
Having cyber threat intelligence capability helps organizations identify and mitigate potential cyber threats before they can cause harm. It can help make informed decisions about cybersecurity investments, policies, and practices. It also helps organizations better understand the potential impact of cyber threats on their day-to-day operations.
Cyber threat intelligence can be generated through a variety of sources, including open-source intelligence, human intelligence, and technical intelligence. It is often used by security teams, cyber security incident responders, and other stakeholders to inform their decision-making and response to potential cyber threats.
While information and intelligence are similar concepts, they differ in the insights and value each provides.
Information refers to raw data or facts that have been collected and organized in a structured way. This raw data can come from many sources, such as social media (Twitter, Facebook). Information can provide a snapshot of a situation, but it may not always be complete or contextual.
Intelligence is what results when raw data (information) is given context. Information is converted into intelligence through evaluation, analysis, and interpretation, a process that also involves identifying trends and patterns.
Intelligence enables you to realize the true power of information. It allows you to understand the problem space, its root cause, its impact, and how it can be addressed, and even to predict a problem before it occurs.
Intelligence is usually produced by collecting, evaluating, analyzing, and interpreting open-source intelligence, human intelligence, and other technical intelligence. Intelligence is subject to interpretation and can assist in making informed strategic decisions.
With ever-evolving threats on the internet, there is a key need to understand, manage and utilize Cybersecurity Threat Intelligence (CTI). Using CTI can help an organization to:
1. Reveal threat motives and adversarial actions, including Tactics, Techniques, and Procedures (TTPs).
2. Understand threat actors’ decision-making process and gain insight into their planning, execution, and skill sets.
3. Support executive decision-making by clarifying the changing threat scenario.
4. Support strategic decision-making so that funding is allocated to the correct resources to improve risk management and mitigation procedures.
In the next topic, I will cover the skill set requirements for a Cyber Threat Analyst.
Thanks for reading; all feedback is welcome.