What is Threat Intelligence?
Over the past couple of years, cyber threat intelligence has become a hot topic, particularly given the number of high profile hacks that we have seen and the growing buzz around data security. Threat intelligence is simply what it sounds like, intelligence that can have numerous benefits when it comes to preparing for, and protecting against, the growing number of cyber threats to a business. Gartner has provided a useful definition of threat intelligence as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” Properly used, cyber threat intelligence can deliver real returns to your business.
Information vs intelligence
As a starting point, there is a difference between intelligence and information. Primarily, information tends to be raw, unevaluated, broadly aggregated and not immediately actionable. Intelligence, on the other hand, is processed, evaluated, actionable and drawn from verified, up to date and correct sources. The latter can be used for a whole range of different purposes within a business, for example:
– Allowing for better informed security strategy, in particular when it comes to threat response.
– Creating a direct link between security priorities and the risk management strategy of the business.
– Using real time information to enhance security technologies and prolong their lifespan.
– Allowing a business to take a proactive approach to security that is based on analysis of existing and potential threats.
Know your business
Perhaps the first step for any business is to ensure that there is understanding of how that business operates, from assets, to personnel, infrastructure to business operations. Without this, there are huge vulnerabilities that can be exploited by anyone with malicious intent. In-depth knowledge of the business ensures that issues can be spotted quickly and allows intelligence to be applied where it will be the most effective.
Why invest in threat intelligence?
Great threat intelligence requires a combination of human gathered intelligence and up to the minute and accurate technical intelligence. By investing in it you will be able to gain insight on:
People – those activists, hackers, criminals or even state organisations that may pose a threat.
Problems – identifying vulnerabilities, zero days and likely exposure points.
Realising threats – analysis of malware families, monitoring DDoS technology evolution and command and control infrastructures.
Taking action – what steps can be taken by you in your specific circumstances to head off specific threats.