Threat intelligence is a category of intelligence that focuses on information security. As defined by Gartner, it is “evidence-based knowledge...about an existing or emerging menace or hazard...to inform decisions regarding the subject's response to that menace or hazard.” Essentially, threat intelligence provides you with curated information to inform you about potential malicious activity and helps you make better decisions about how to prevent bad things occurring to you or your organisation.
To sustain a strong security posture, an organisation must develop and answer questions specific to the business, many of which must be answered continually as situations and environments evolve. Questions such as: will bringing in additional security solutions really give that much more additional protection? Is updating each and every legacy system worth the cost? Who are my enemies and how might they attack me? Threat intelligence helps organisations to tackle these questions and make more informed decisions with context.
There are generally three 'levels' of cyber-threat intelligence: strategic, operational and tactical, which serve different functions.
Focuses on assessing and mitigating current and future risks to businesses. As an example, a corporation releasing a new product or completing a merger will want to understand not only the potential impact but also the associated risks with the activity. This is particularly useful for CISOs and executive leadership who must justify budgets and make well informed investment decisions.
The combination of these different levels of threat intelligence give security teams the ability to know how to proactively and reactively respond to risks. This includes what solutions to use, how they should be leveraged, and even just who to keep an eye on.
A further look into Strategic Threat Intelligence
For example, if you are in the education sector, you may wonder what nation states and threat actor groups you should be concerned about, or where you need to focus your resources to reduce risk of an intrusion and theft of intellectual property.
Strategic threat intelligence is invaluable, incorporating expert opinions and insights that are based on aggregating both operational and tactical intelligence from known cyber-attacks. By leveraging this data, organisations are better positioned to trade punches with tomorrow's threats.
Contributed by Justin Swisher, solutions manager, Anomali.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.