About Cyber Threat Intelligence
Attacks are getting more sophisticated, and enterprises may be targeted by adversaries with various domains and motivations. Companies can no longer work only on an incident-by-incident basis; they must leverage information on previous incidents to identify and mitigate future incidents faster. Incident observations and the intelligence gained from those events help to identify and possibly predict threats. With cyber threat intelligence, individuals as well as enterprises can apply and build their knowledge, skills, and experience when dealing with attacks. While CTI is focused on the digital world, geopolitical parameters of the real world must not be left out if an attack or threat is to be understood correctly and decision makers are to be supported in risk reduction.
Cyber threat intelligence is categorized into the following types:
- Strategic Threat Intelligence: Helps to map the threat landscape and support decision makers. Usually, this information is handwritten with less technical background.
- Tactical Threat Intelligence: Helps to understand threat actors as it applies TTPs, for example with the MITRE ATT&CK framework. Such information is technical and includes technical context consumed by admins, security engineers, and security staff. This information should also be used to improve security policies and defend organizations.
- Operational Threat Intelligence: Helps to understand cyber-attacks or malicious campaigns and is usually consumed by threat hunters and incident responders. It overlaps with tactical threat intelligence and includes information about attack vectors such as which domain is used to control infected systems.
With this categorization in place, each operational team and its personnel can consume the most relevant intelligence. All this information aims to support risk identification and risk reduction and may lead to actor attribution, as actors have various motivations.
Where to Use Cyber Threat Intelligence
Cyber threats are everywhere. The only way to truly protect your company and your clients is to have access to the right information. Cyber threat intelligence gives you the intelligence you need to stay ahead of hackers and keep your business safe.
It is important that cyber threat intelligence is tailored to the needs of each company. There are different types of intelligence platforms which can provide different types of information based on your area of business and what kind of data you are looking for.
Key Use Cases Involving Cyber Threat Intelligence
In this handbook, we will focus on the following 5 commonly known use cases that involve the usage of cyber threat intelligence:
- IoC Collection for Specific Threats
- Profiling Threat Actor Infrastructure
- Profiling Threat Actors
- Attack and TTP Analysis
- Vulnerability or Attack Surface Assessment