- Open-source Threat Data feeds
- Commercial Threat Intel providers
- Security Advisories by vendors
- Alerts from Law enforcement or Regulators
- Threat research reports, whitepapers, blogs, etc.
- Information Sharing communities
- In-house Threat Intelligence
- Security notifications from Partner organizations
- Social Media platforms
- Dark Web Intelligence
The Indicators That Matter
Finding Needles in a Haystack
- Combination of machine and human intellect - Threat analysts have experience in spotting anomalies or malicious indicators in large volumes of data. Their efforts can be enhanced by an advanced Threat Intel Platform that provides automated ingestion, validation, and filtering of threat data from various sources. In addition, human intelligence can be used to train machine models to improve detection of such anomalies over time.
- Focus on context - Organizations must look for contextual intelligence, i.e., information that is particularly relevant in their specific threat environment. Just as every piece of news is not relevant for every person, security teams also need to separate the wheat from the chaff and identify the threats with the most impact on their organization. Analysts can score indicators on the basis of a variety of factors such as geo-location, timestamp, affected industry, and more. This helps rank and prioritize threat indicators for further analysis or investigation and reduces overall triage time.
- Diving deeper into adversary behavior - Medical doctors are taught to treat the root cause of an illness rather than merely treating the symptoms. In the same way, security teams must study adversary behavior to prevent malicious activity at its source rather than just blocking threats based on malicious indicators. By leveraging adversary behavior-based indicators such as TTPs, organizations can ensure a more effective application of the threat intel in their security operations.
- Unite and conquer - Every organization has a limited amount of resources dedicated to securing its operations. Threat actors, on the other hand, learn from each other to further their malicious activities. Organizations defending against them must therefore also enhance their defenses by exchanging intelligence and learnings from their own CTI operations. By unifying threat intel from internal and external sources and exchanging relevant intel with trusted partners, organizations can reap a greater return from their threat intel activities.
- Improving Threat Intel program maturity - Threat Intelligence can have an impact on many functions within an organization. Using threat intel, security teams can better prioritize their threat mitigation efforts, management staff can better allocate resources, senior executives can realign the organization’s cybersecurity strategy, and much more. However, this requires appropriate communication of threat intel with stakeholders and staff members at various levels. With this, threat intel can create a synergy between all the involved parties in managing the organization’s cyber risks.
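The contextual scoring described under "Focus on context" can be sketched as follows. This is an added example, not code from the original post or from any Cyware product; the organization profile, factor weights, 30-day half-life and all names are assumptions chosen for illustration, and the indicators are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical organization profile and weights; tune these to your own environment.
ORG_PROFILE = {"industries": {"finance"}, "regions": {"US", "GB"}}
WEIGHTS = {"industry": 0.4, "geo": 0.2, "recency": 0.4}
HALF_LIFE_DAYS = 30  # assumed: an indicator's recency value halves every 30 days


@dataclass(frozen=True)
class Indicator:
    value: str
    targeted_industries: frozenset
    targeted_regions: frozenset
    last_seen: datetime


def recency(last_seen, now):
    """Exponential decay in [0, 1]: 1.0 when seen now, 0.5 after one half-life."""
    age_days = max((now - last_seen).total_seconds() / 86400, 0.0)
    return 0.5 ** (age_days / HALF_LIFE_DAYS)


def score(ind, now, profile=ORG_PROFILE):
    """Weighted relevance score from 0 to 100 for one indicator."""
    industry = 1.0 if ind.targeted_industries & profile["industries"] else 0.0
    geo = 1.0 if ind.targeted_regions & profile["regions"] else 0.0
    total = (WEIGHTS["industry"] * industry + WEIGHTS["geo"] * geo
             + WEIGHTS["recency"] * recency(ind.last_seen, now))
    return round(100 * total, 1)


def prioritize(indicators, now):
    """Return (score, value) pairs, highest priority first."""
    return sorted(((score(i, now), i.value) for i in indicators), reverse=True)


# Constructed sample data (documentation IP ranges and example domains).
NOW = datetime(2019, 12, 5, tzinfo=timezone.utc)
SAMPLE = [
    Indicator("198.51.100.7", frozenset({"finance"}), frozenset({"US"}), NOW - timedelta(days=2)),
    Indicator("bad.example.net", frozenset({"healthcare"}), frozenset({"DE"}), NOW - timedelta(days=1)),
    Indicator("192.0.2.44", frozenset({"finance"}), frozenset({"BR"}), NOW - timedelta(days=90)),
]

if __name__ == "__main__":
    for s, value in prioritize(SAMPLE, NOW):
        print(f"{s:5.1f}  {value}")
```

The stale indicator that targets the organization's own industry still outranks the fresh one aimed at an unrelated sector and region, which is the effect of weighting context alongside the timestamp.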
Posted on: December 05, 2019