Why Threat Intelligence?
The ability to anticipate attacks before they reach targeted networks helps organizations prioritize their responses, speeding up both decision-making and response time and providing better security overall. This is one reason threat intelligence matters.
Threat intelligence is needed to enhance the security posture of your organization. It helps with gathering actionable data (IOCs), evaluating security posture and keeping track of the latest modes of attack, among other things.
What is Threat Intelligence?
Threat intelligence is the information that organizations use to understand the cyber attackers (threats) facing them. This includes techniques that allow analysts to identify attacks in their network, which enables them to respond adequately or prepare for future attacks. In simple words, “Threat intelligence is data on threats.”
Threat intelligence should be informative and actionable. It should contain information that is clear and can drive action, e.g. an intelligence report that includes the IP addresses, domain names and file names associated with a threat. This is information that can be put into action: you search your infrastructure for the indicators provided in the threat intelligence to determine whether there has been an infection.
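As an added example (not part of the original article), the sketch below shows what putting a report's indicators into action can look like: it refangs the published IP addresses, domains and file names and sweeps log lines for them. The indicators, log lines and the `refang`/`sweep` helper names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed indicators, defanged the way many reports publish them.
REPORT = {
    "ip": ["203.0.113[.]45", "198.51.100[.]0/28"],
    "domain": ["update-check.example[.]net"],
    "file": ["invoice_scan.exe"],
}

# Constructed log lines (proxy, DNS, EDR, firewall) used as the search target.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.12 dst=203.0.113.45 url=http://cdn.update-check.example.net/a",
    "2024-05-01T10:03:40Z dns client=10.0.0.15 query=notupdate-check.example.net",
    r"2024-05-01T10:05:02Z edr host=WS-07 image=C:\Users\amy\Downloads\Invoice_Scan.exe",
    "2024-05-01T10:06:30Z fw src=10.0.0.20 dst=198.51.100.9 dport=443",
    "2024-05-01T10:07:00Z fw src=10.0.0.21 dst=198.51.100.77 dport=443",
]

def refang(value):
    """Undo common defanging so indicators compare against raw log data."""
    return value.replace("[.]", ".").replace("hxxp", "http").strip().lower()

def sweep(report, lines):
    """Return (line_no, ioc_type, indicator) for every indicator seen in lines."""
    nets = [(ipaddress.ip_network(refang(i), strict=False), refang(i)) for i in report["ip"]]
    domains = [refang(d) for d in report["domain"]]
    files = {refang(f) for f in report["file"]}
    hits = []
    for no, line in enumerate(lines, 1):
        low = line.lower()
        for cand in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", low):
            try:
                addr = ipaddress.ip_address(cand)
            except ValueError:
                continue  # looks like an IP but is not one (e.g. 999.1.1.1)
            hits += [(no, "ip", ind) for net, ind in nets if addr in net]
        for host in re.findall(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", low):
            # Exact host or a true subdomain; a lookalike suffix must not match.
            hits += [(no, "domain", d) for d in domains if host == d or host.endswith("." + d)]
        for token in low.split():
            name = re.split(r"[\\/=]", token)[-1]  # basename of a path or key=value
            if name in files:
                hits.append((no, "file", name))
    return hits

if __name__ == "__main__":
    for no, kind, indicator in sweep(REPORT, SAMPLE_LOGS):
        print(f"line {no}: {kind} indicator {indicator}")
```

Matching on the exact host or a dot-separated subdomain, and on the file's basename rather than a substring, keeps lookalike names such as `notupdate-check.example.net` from producing false hits.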
One of the primary benefits of threat intelligence is that it helps security professionals better understand the adversary’s decision-making process. For example, if you know which vulnerabilities an adversary is exploiting, you can choose the technologies and patching activities that will best mitigate exposure to those vulnerabilities. – Crowdstrike
Types of Threat Intelligence
There are three types of threat intelligence: strategic, tactical and operational.
Strategic Threat Intelligence
Strategic threat intelligence examines trends in cyber-attacks, which cyber threats are prevalent and which industries are major targets. It informs senior management (CISO/CIO) about security risks and the controls that should be in place to ensure that the organisation is addressing the threat landscape.
It answers the questions:
WHO is the adversary?
WHY are they targeting you?
WHERE have they attacked prior to attacking you?
Tactical Threat Intelligence
Tactical threat intelligence provides information consisting of Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs). This is the most basic form of intelligence; it is often used for threat detection and by incident responders searching for specific known signatures.
Tactical intelligence answers the WHAT and WHEN questions:
WHAT tool does the attacker use?
WHEN are those attacks carried out?
Operational Threat Intelligence
Operational threat intelligence gives data and information about the goal of a cyber-attack. It provides context for security events and incidents. This intelligence is mostly uncovered by forensic investigators and incident responders. It includes the tools used by a particular threat group and emerging tactics, techniques and procedures, among others.
Threat intelligence gives you visibility into your security posture and alerts you to potential threats coming your way. To stay up to date, you need to keep in sync with threat intelligence reports. Several third parties collect and publish cyber threat intelligence. These include FireEye, a leading source of threat intelligence that publishes an annual threat report and regular threat intelligence reports, as well as Crowdstrike, Palo Alto Unit42, the Cylance blog and a host of others.