Threat Intelligence: A Deep Dive


Welcome to our deep dive on threat intelligence, intended to help security professionals who are embarking on creating and building a threat intelligence capability. Readers will understand how to make threat intelligence relevant, actionable, and effectively communicated to a wide range of stakeholders. The blog includes best practices for threat intelligence, as well as some free tools and resources along the way.

What is Threat Intelligence? An Overview


Threat intelligence has many competing interpretations and definitions, but Gartner’s threat intelligence definition is a good starting point:


Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.


Wrapped up within this definition are two salient themes that we will return to:


  • Threat intelligence is focused on informing a decision-maker and improving their decisions. The threat intelligence function within a business can be a standalone function, particularly within more mature organizations or sectors with a lower risk tolerance, but more often it is handled by an individual within a security team. This function can serve multiple stakeholders within the business, including incident responders, threat hunters, and management.

  • Threat intelligence focuses on the threat, not risk. “Threat” is just one component of “risk”. Some frameworks, such as FAIR (Factor Analysis of Information Risk), help to bring this all together.


Establishing Measures of Effect: First Things First


    Few threat intelligence ..
