USI Security Tips

What is Threat Intelligence?

October 05, 2020


Threat intelligence, or cyber threat intelligence, is information about threats that can help mitigate harmful cyber threats and hackers. It is not the same as raw data: the data has to be analyzed and processed first in order to yield actionable insight. In other words, threat intelligence is what raw data becomes after it has been analyzed so that informed decisions can be made. In this blog, we’ll go into more detail about the types of threat intelligence, how it works and why it’s important.

Threat Intelligence Lifecycle 

Threat intelligence functions in a circular process, otherwise known as a lifecycle. It is a cycle because new knowledge gaps or questions can come up along the way, which could generate new collection requirements. Six phases make up the threat intelligence cycle:

  • Planning and direction: The requirements for data collection need to be defined first in order to ask the right questions and generate information.
  • Collection: After the requirements are defined, raw data about current or future threats needs to be gathered. This can be done using various sources, such as internal logs and records.
  • Processing: Collected data is then organized with metadata tags. Any false positives, false negatives or redundant information can be filtered out.
  • Analysis: Processed data now needs to be analyzed. This produces cyber threat intelligence feeds that analysts use to look for indicators of compromise (IOCs). IOCs often consist of suspicious links, emails or email attachments.
  • Dissemination: The results of the analysis are then sent to the right people. This information is tracked so that there is continuity from cycle to cycle.
  • Feedback: Whoever requested the threat intelligence now needs to determine whether their requirements were met.
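As an added illustration (not code from the original post), the sketch below walks the Processing and Analysis phases over a small data set. The feed records, allowlist, log lines and function names are all constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed sample data (not real indicators): output of the Collection phase.
RAW_FEED = [
    {"value": "hxxp://login-update.example[.]net/reset", "source": "vendor-feed"},
    {"value": "http://login-update.example.net/reset", "source": "internal-ticket"},
    {"value": "billing@invoice-alerts.example.org", "source": "phishing-mailbox"},
    {"value": "https://intranet.example.com/home", "source": "vendor-feed"},
]
ALLOWLIST = {"intranet.example.com"}  # assumed list of known-good hosts
LOGS = [  # constructed internal log lines
    "2020-10-05T09:14:02Z proxy user=alice GET http://login-update.example.net/reset",
    "2020-10-05T09:15:40Z mail from=billing@invoice-alerts.example.org to=bob",
    "2020-10-05T09:16:11Z proxy user=carol GET https://intranet.example.com/home",
]

def refang(value):
    """Undo common defanging so identical indicators compare equal."""
    return value.replace("hxxp", "http").replace("[.]", ".").strip().lower()

def process(raw, allowlist):
    """Processing: normalize, tag with metadata, drop false positives, merge duplicates."""
    seen, out = {}, []
    for rec in raw:
        value = refang(rec["value"])
        if "://" in value:
            kind, host = "url", urlsplit(value).hostname
        elif "@" in value:
            kind, host = "email", value.rsplit("@", 1)[1]
        else:
            continue  # unrecognized indicator type, skipped in this sketch
        if host in allowlist:
            continue  # known-good host: treat as a false positive
        if value in seen:
            seen[value]["sources"].append(rec["source"])  # redundant entry: merge
            continue
        seen[value] = {"value": value, "type": kind, "host": host, "sources": [rec["source"]]}
        out.append(seen[value])
    return out

def analyze(indicators, logs):
    """Analysis: return (indicator, log line) pairs where an IOC appears in the logs."""
    hits = []
    for line in logs:
        for ioc in indicators:
            if ioc["value"] in line.lower():
                hits.append((ioc["value"], line))
    return hits
```

Keeping the merged `sources` list on each indicator preserves where it was reported, which is what Dissemination and Feedback need to trace a finding back to its collection requirement.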

Types of Threat Intelligence 

There are different types of intelligence, depending on the initial requirements. The following are three types of threat intelligence:

  • Strategic: This usually covers long-term, non-technical issues. Strategic threat intelligence can generate a bigger picture of the intent of cyber threats to help make informed decisions and prompt warnings.
  • Tactical: Tactical threat intelligence focuses on day-to-day operations to detect IOCs.
  • Operational: This form of threat intelligence is often related to specific attacks or malware, and is highly technical. Operational threat intelligence may be in the form of a forensic cyber threat intelligence report.

The Importance of Threat Intelligence

With the rise of cyber threats and hackers today, threat intelligence can help organizations gain the information they need to detect and identify threats, and ultimately protect themselves from future attacks. For example, if an organization can learn the patterns of hackers, it can implement the proper defense system to avoid things like data breaches, malware attacks, or fraud. If your business cares about the security of your employees and data, threat intelligence can maximize your security efforts and help you make informed decisions about how to reduce risk.
