The Who’s Who of Cyber Threat Intelligence

Blog Date:  2/26/2017
Author:  Ray Coulombe

What was once reserved for the most top-secret conservations is now available to a larger group of people. Cyber threat intelligence is a strategic and operational procedure to fuel many processes and risk management decisions. It also needs to fit your audience because cyber threat intelligence means different things to different people within your company.

Here’s our breakdown of what this means:

Threat intel is presented through Indicators of Compromise (IoCs) or threat feeds. This requires organizations to understand themselves and the adversary in order to make sense of information. If the company doesn’t understand its assets, personnel, administration, and infrastructure, how can it know where there might be opportunity for attacks?

Threat intelligence is analyzed information about the intent, opportunity, and capability of malicious actors. The information has to go through the intelligence lifecycle: plan, collect, process, produce, and disseminate information. Taking this data and applying it to helping identify major threats is how to start looking at this intelligence.

This makes the planning phase vital: If an organization is receiving threat intelligence but doesn’t know how to identify what information is applicable, the intel is useless. The ability to produce or consume threat intelligence tailored to your organization can provide actionable strategic choices to greatly impact security.

So who has a role in cyber intelligence throughout your company? Here are some key roles within the organization that should use cyber threat intelligence.

Defenders
Cyber Threat Intelligence (CTI) adds value to your incident response process. Proactively, CTI helps defenders plan for possible security breaches. Defenders can ensure they have the right plan to put into action if necessary, when provided the right information. From a reactionary perspective, defenders have to research and understand what happened after a breach occurs. How did the attack happen? What was exploited? What paths are at stake? With CTI, defenders can answer these questions.

Vulnerability Management Teams
Threat intelligence can provide insights into what controls mitigate a specific vulnerability. They also help you to understand if you’re applying the right resources to the right controls. Applying finished threat intelligence to daily cyber security processes improves decision-making and focus when it comes to vulnerability remediation.

Threat Analysts
The best threat analysts always have intel and security expertise. Strategic threat intel provides the big picture in terms of trends to focus on based on how others are being impacted by specific threats. Operational intel provides high-level analysis and understanding. What path did an adversary use to gain access? Are we well positioned from a cyber security perspective? Why or why not?

Executives and BoD’s
Business executives generally do not understand the details of cyber security; they care about managing risk to their organization. Strategic threat intelligence can help them understand the risk generated by a defined threat: What’s the impact? What resources are needed to reduce risk to an acceptable level? Ultimately strategic and operational threat intelligence should be used by many different roles in your organization to make more informed decisions around risk management, threat prevention and incident response. It’s about all team members making sound decisions at every level in the process to avoid threats.

 

Resource Blogs

Most Recent Blog List for Blog Author: Ray Coulombe

Security Specifier Blog List Image for  Stay Safe! While Traveling This Summer

Stay Safe! While Traveling This Summer

It’s summer vacation time! The last thing you need to worry about it is getting your identity stolen while you’re sitting on a beach somewhere exotic. In 2016, more than 15 million Americans were victims of identity theft, up 16 percent from the previous year, according to Experian. Plus, about 33 percent of that fraud took place when people were traveling. Here’s a few tips to staying safe all summer while traveling...
read more -->

Security Specifier Blog List Image for Rethinking Cabling

Rethinking Cabling

Cat 5e became an ANSI/TIA/EIA standard in 2001, Cat 6 in 2002, and Cat 6a in 2008. However, it may be extremely useful to consider taking advantage of other existing cabling infrastructure in lieu of running new. Read more to learn how to approach cabling.
read more -->

Security Specifier Blog List Image for Off the Beaten Path at ISC West

Off the Beaten Path at ISC West

This year at ISC (the International Security Conference and Exposition), I was determined to try to see the latest iStechnologies hiding in the nooks and crannies—literally! I visited booths in the back, the basement, small kiosks hidden inside larger vendor books, and throughout the Emerging Technology Zone.

In case you missed the show, I’ll round up some of the best new technologies and companies to keep an eye on. Read more.
read more -->

Security Specifier Blog List Image for Cyber Crime Taking Down Cities

Cyber Crime Taking Down Cities

Earlier this year, in March, the City of Atlanta’s nearly 8,000 employees heard words they never thought they would hear: “It’s okay to turn your computers on.” Their computers were powered off for five days. In those five days Atlanta residents could not pay traffic tickets, water bills, or report city issues. Read how ransomware impacted this metropolitan area.
read more -->

Security Specifier Blog List Image for A Few Thoughts on K-12 School Security

A Few Thoughts on K-12 School Security

There is no one size fits all when it comes to K-12 school security. Schools vary in so many ways: size, age, local environment, affluence, culture, governance, and more. Read some helpful tips and resources that might just help your school be better prepared.
read more -->


>