Cyber Threat Intelligence
Companies, educational institutions, hospitals, government agencies all face cyber threats. Cyber threat intelligence is actionable intelligence used to preempt attacks, to respond quickly, decisively, and effectively to confirmed breaches. According to Ernst & Young:
Cyber threat intelligence (CTI) is an advanced process that enables the organization to gather valuable insights based on the analysis of contextual and situational risks and can be tailored to the organization’s specific threat landscape, its industry and markets. This intelligence can make a significant difference to the organization’s ability to anticipate breaches before they occur, and its ability to respond quickly, decisively and effectively to confirmed breaches — proactively maneuvering defense mechanisms into place, prior to and during the attack. (EY, 2014)
According to Forrester, Actionable intelligence is accurate, aligned with your intelligence requirements, integrated, predictive, relevant, tailored, timely. (Holland, 2014)
According to iSIGHT Partners, “There’s a very clear distinction between Threat Intelligence and Threat Data:”
THREAT INTELLIGENCE
-
Actionable intelligence
-
Based on Multiple Collection Methods
-
Answers Who/What? Actors Groups Gov’t Sponsors
-
Why/When? Motivation, Intent, Capabilities
-
How? Methods, Play Books
THREAT DATA
-
One dimensional data
-
Narrow collection focus
-
No or limited validation and analysis
-
High noise-to-signal = many false positives
-
Increased alerts = wasted effort
-
Little/no prioritization context (iSIGHT Partners, 2014)
​
Therefore, choosing Threat Intelligence over Threat Data is crucial in developing a successful Cyber Threat Intelligence Plan.
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
EY. (2014, November). Cyber threat intelligence - how to get ahead of cybercrime.
Holland, R. (2014, February 12). Actionable Intelligence, Meet Terry Tate, Office Linebacker. Retrieved from FORRESTER:
https://go.forrester.com/blogs/14-02-11-actionable_intelligence_meet_terry_tate_office_linebacker/
iSIGHT Partners. (2014). Retrieved from https://www.cyberva.virginia.gov/media/governorvirginiagov/cyber-va/documents/cyber-va-past-
meeting-materials/isightpartnersthe-cyber-threat-intelligence-expertsv1.pptx