Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them. It ranges from collecting intelligence on the dark web to identifying adversarial signatures of tools and networks. And, it starts with data.
“Data is collected from sources where threat actors congregate and operate, such as deep and dark web forums, chat platforms, and open web sources, such as paste sites,” explains Josh Lefkowitz of Flashpoint.
But data alone isn’t intelligence. “Threat intelligence is information that is relevant to the organization, has business value, and is actionable. To do this properly, organizations need the right collection methods, as well as a human team to vet and remove false positives,” says Jeremy Hass of LookingGlass.
Lefkowitz clarifies further: “Threat intelligence brings additional context to data about threats and adversaries targeting organizations.”
The Benefits of Threat Intelligence
Security organizations—particularly those that are struggling with a skills shortage—can benefit from threat intelligence. Threat intelligence can give teams the ability to defend against cyberattacks before they enter the network.
Hass explains: “Threat intelligence provides the indicators and warnings organizations need to proactively defend their enterprise from threats emanating from outside their perimeter. It is only useful to an organization if it is timely, relevant, and actionable. Our customer ..