Threat intelligence
Threat intelligence is the "cyclical practice" of planning, collecting, processing, analyzing and disseminating information that poses a threat to applications and systems. Threat intelligence collects information in real-time to showcase the threat landscape for identifying threats to a computer, application or network. This information is gathered from a number of resources and compiled into a single database enabling visibility into vulnerabilities and exploits actively being used on the internet (in the wild) by threat actors. Threat intelligence is not to be confused with vulnerability management.
Platforms exist that enable the automation of threat intelligence. These platforms are commonly referred to as "TIPs" or Threat Intelligence Platforms. Security analysts utilize these platforms for their collection of data and automation.
A threat intelligence platform is typically used by Security Operations Center Teams (SOC) for day to day threat response and events as they occur. Generalized Threat Intelligence teams use the platform to make educated predictions based on actors, campaigns, industry targets as well as platform (network, application, hardware) targets. Management and Executive teams use the platform for reporting and share data at high levels to better understand their threat posture.
A TIP is a packaged product that obtains information from multiple resources and automates intelligence by managing, collecting and integrating with various platforms. Anomali provides a threat intelligence model based on their intelligence platform. Some have defined threat intelligence as including data of sensors or honeypots deployed across the internet and the darkweb, these traps provide advance metrics on the state of the internet and intent of adversaries. Examples of such companies technologies include Lupovis.io,[1] Orpheus-Cyber,[2] Flashpoint,[3] and others. Other types of threat intelligence might include automated darkweb scanning, mass internet scanning, or tactics techniques and procedures gathering, which attempts to tie together adversary strategies in order to increase the defender's understanding and provide them with situational awareness.
See also
References
- "What is Cyber Threat Intelligence?" (in en-US). 2015-10-26. https://www.cisecurity.org/blog/what-is-cyber-threat-intelligence/.
- "Netscout Threat Intelligence Report" (in en-US). https://www.netscout.com/threatreport.
- (in en) Cyber Threat Intelligence. 2018-03-28. https://www.mitre.org/capabilities/cybersecurity/cyber-threat-intelligence.
- "Threat Intelligence & Assessments". https://www.nsa.gov/What-We-Do/Cybersecurity/Threat-Intelligence-Assessments/.
- "What Are the Different Types of Cyberthreat Intelligence?" (in en). 2018-06-04. https://securityintelligence.com/what-are-the-different-types-of-cyberthreat-intelligence/.
- "CTIIC Home". https://www.dni.gov/index.php/ctiic-home.
External links
- https://dl.acm.org/doi/10.1145/3243734.3243829
- https://www.darkreading.com/threat-intelligence.asp
- https://securityintelligence.com/posts/chess-entropy-patterns-threat-intelligence-models/
- https://patents.google.com/patent/US8813228B2/en
- https://dl.acm.org/doi/abs/10.1145/3243734.3243829
- https://pennstate.pure.elsevier.com/en/publications/network-security-situation-awareness-framework-based-on-threat-in
- http://stixproject.github.io/about/STIX_Whitepaper_v1.1.pdf
- https://ieeexplore.ieee.org/abstract/document/7568916
 |
