Threat Intelligence

What is Threat Intelligence?

Threat intelligence is the detailed knowledge that helps an organisation prevent and mitigate cyber security risks. It provides information about an adversary's motivation, intention and capability to exploit vulnerabilities, and so helps you build a proactive strategy against potential security breaches and make informed decisions about the organisation's cyber security.


Types of Threat Intelligence

Tactical

Defines the tools, techniques and tactics adopted by threat actors, and involves particular actions against them.

Strategic

Includes information about trends in changing risks and threats.

Operational

This type of threat intelligence involves information about specific attacks and assesses the organisation's ability to determine future threats.

Technical

Involves the technical details of particular malware.

Phases in the Cyber Threat Intelligence Lifecycle

1. Planning & Direction
2. Collection
3. Processing
4. Analysis
5. Dissemination
6. Feedback

Planning & Direction:

In this step, the goals and objectives of the Threat Intelligence Program are defined and prioritized. These objectives are termed Intelligence Requirements. It is essential to understand which assets and services need to be protected and what the impact of losing them would be.

Collection:

This phase involves collecting data that will satisfy the Intelligence Requirements set in the Planning & Direction phase. The data can be internal, such as logs of internal network traffic and security devices, or external, such as dark web forums, data shared by other organisations and much more.

Processing:

In the next stage, the raw data collected is processed. It is filtered and organized to make it usable for analysis. Processing can be done manually or by machine. Each processing method involves different procedures and outcomes. The volume of raw data is usually huge, so automated methods can be more efficient and productive.
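
An added illustration of the Processing phase, not code from the original article: it takes raw records from internal and external collection sources, extracts IP and domain indicators (a step beyond what the text describes), then filters and organizes them by refanging, validating, dropping internal addresses, deduplicating and merging sources. The source names, sample lines and internal address ranges are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample input: (source, raw text) pairs from the Collection phase.
RAW = [
    ("internal:firewall", "2024-05-01T10:02:11Z DENY src=10.0.0.5 dst=203.0.113.7 dport=443"),
    ("external:shared-feed", "C2 seen at 203[.]0[.]113[.]7 and hxxp://bad.example[.]com/login"),
    ("external:shared-feed", "duplicate report: BAD.example.com"),
    ("internal:proxy", "GET http://bad.example.com/login 200 client=192.168.1.20"),
]

# Assumption: the organisation's own address space (RFC 1918 ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def refang(text):
    """Undo common defanging ("[.]", "hxxp") used when indicators are shared."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def extract(text):
    """Yield (type, value) indicators found in one raw record."""
    text = refang(text).lower()
    for candidate in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
        if any(ip in net for net in INTERNAL_NETS):
            continue  # filter: our own hosts are not threat indicators
        yield "ipv4", str(ip)
    for domain in DOMAIN_RE.findall(text):
        yield "domain", domain


def process(raw_records):
    """Deduplicate indicators and record every source that reported each one."""
    merged = {}
    for source, text in raw_records:
        for key in extract(text):
            merged.setdefault(key, set()).add(source)
    return [{"type": t, "value": v, "sources": sorted(s)}
            for (t, v), s in sorted(merged.items())]


if __name__ == "__main__":
    for record in process(RAW):
        print(record)
```

An indicator reported by both an internal and an external source, as both are here, is a natural candidate for priority in the Analysis phase.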

Analysis:

The processed data is analysed and evaluated against the Intelligence Requirements to make informed decisions. Potential threats in the organisation's environment are identified, and decisions are made about how to evaluate those threats, the strategies to prevent them, the security measures to apply, and so on. The information must be presented in a way that the teams involved can understand.

Dissemination:

This phase involves delivering the finished intelligence to the appropriate stakeholders in a timely manner.

Feedback:

The stakeholders then evaluate the final intelligence to ensure that it matches the objectives, and provide feedback to help improve future Threat Intelligence Programs.