Considerable and mostly non technical look at the idea of 'Threat Intelligence'. Nicely done overview. From Recorded Future, a former collaborator to our enterprise.
Digital technologies lie at the heart of nearly every industry today. The automation and greater connectedness they afford have revolutionized the world’s economic and cultural institutions — but they’ve also brought risk in the form of cyberattacks. Threat intelligence, often synonymous with open source intelligence (OSINT) is knowledge that allows you to prevent or mitigate those attacks. Rooted in data, threat intelligence provides context — like who is attacking you, what their motivation and capabilities are, and what indicators of compromise in your systems to look for — that helps you make informed decisions about your security.
“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.” — Gartner
For more detailed overview of all things Threat Intelligence, download our comprehensive Threat Intelligence Handbook or keep reading below.
Why Is Threat Intelligence Important?
Today, the cybersecurity industry faces numerous challenges — increasingly persistent and devious threat actors, a daily flood of data full of extraneous information and false alarms across multiple, unconnected security systems, and a serious shortage of skilled professionals. Additionally, the attack surfaces organizations have to understand and protect are bigger now than ever before. Threats aren’t coming from one angle, organizations need to understand business risk from cyber attacks, physical security and operational disruptions, attacks on their reputation, and more.
Some organizations try to incorporate threat data feeds into their network, but don’t know what to do with all that extra data, adding to the burden of analysts who may not have the tools to decide what to prioritize and what to ignore.
A threat intelligence solution can address each of these issues. The best solutions use a combination of machine learning to automate data collection and processing, integrate with your existing solutions, take in unstructured data from disparate sources, and then connect the dots by providing context on indicators of compromise (IoCs) and the tactics, techniques, and procedures (TTPs) of threat actors.
Threat intelligence is actionable — it’s timely, provides context, and is able to be understood by the people in charge of making decisions.
Who Can Benefit From Threat Intelligence?
All security & risk teams and leaders! Threat intelligence is widely imagined to be the domain of elite analysts. In reality, it adds value across security functions for organizations of all sizes.
When threat intelligence is treated as a separate function within a broader security team rather than an essential component that augments every other function, the result is that many of the people who would benefit the most from threat intelligence don’t have access to it when they need it.
Security operations teams are routinely unable to process the alerts they receive — threat intelligence integrates with the security solutions you already use, helping automatically prioritize and filter alerts and other threats. Vulnerability management teams can more accurately prioritize the most important vulnerabilities with access to the external insights and context provided by threat intelligence. And fraud prevention, risk analysis, and other high-level security processes are enriched by the understanding of the current threat landscape that threat intelligence provides, including key insights on threat actors, their tactics, techniques, and procedures, and more from data sources across the web. .... '
No comments:
Post a Comment