About Strategic Threat Intelligence

Uploaded on 2018-03-23 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News

Threat intelligence is a category of intelligence that focuses on information security. As defined by Gartner, it is “evidence-based knowledge…about an existing or emerging menace or hazard…to inform decisions regarding the subject’s response to that menace or hazard.”

Essentially, threat intelligence provides you with curated information to inform you about potential malicious activity and helps you make better decisions about how to prevent bad things occurring to you or your organisation.

In order to sustain a strong security posture, an organisation must develop and answer questions specific to the business, many of which must be answered continually as situations and environments evolve.

Questions such as: will bringing in additional security solutions really give that much more additional protection? Is updating each and every legacy system worth the cost? Who are my enemies and how might they attack me? Threat intelligence helps organisations to tackle these questions and make more informed decisions with context.

There are generally three ’levels’ of cyber threat intelligence: strategic, operational and tactical, which serve different functions.

  • Strategic intelligence (who/why)
    Focuses on assessing and mitigating current and future risks to businesses. As an example, a corporation releasing a new product or completing a merger will want to understand not only the potential impact but also the associated risks with the activity. This is particularly useful for CISOs and executive leadership who must justify budgets and make well informed investment decisions.
  • Operational intelligence (how/where)
    Helps fuel meaningful detection, incident response and threat hunting programs. This level of intelligence enables information security teams to identify patterns in attacks, from which logical system rules can be developed that can then detect specific indicators of malicious activity.
  • Tactical intelligence (what)
    Provides a reference material for analysts to interpret and extract context for use in defensive operations. This intelligence comes in the form of Indicators of Compromise (IOCs), which include items such as domains or IPs. Indicators are often changed quickly though, meaning that it is important for operational and strategic intelligence to also be incorporated into decisions.

The combination of these different levels of threat intelligence give security teams the ability to know how to proactively and reactively respond to risks. This includes what solutions to use, how they should be leveraged, and even just who to keep an eye on.

A Further look into Strategic Threat Intelligence

Strategic intelligence gives the bigger picture, looking at how threats and cyber-attacks are changing over time. Common focuses of strategic intelligence include historical trends, motivations, or attributions as to who is behind an attack.

With strategic intelligence, you can answer questions like who is attacking your organisation and why?? Why are you within scope for an attack? What major trends are happening? What can you do to reduce your risk profile? All of this helps to profile your adversaries and provide clues to their future operations and tactics.
All of this makes strategic intelligence a solid starting point for deciding which defensive measures will be most effective.

This gives insight into the following:

  • Targeting trends for industry sectors and geographies
  • Major attacker Tactics, Techniques and Procedures (TTP) changes over time
  • Attribution for intrusions and data breaches
  • Mapping cyber-attacks to geopolitical conflicts and events (South China Sea, Arab Spring, Russia-Ukraine)
  • Threat actor group trends
  • Global statistics on breaches, malware and information theft
  • Carrying out a thorough risk analysis and review of the entire technology supply chain
  • Informing your executive leadership about high risk threat actors, relevant risk scenarios, and threat exposure in the public-facing technology sphere and criminal underground
  • Learning which commercial ventures, vendors, partners, and technology products are most likely to increase or decrease risk to your enterprise environment

For example, if you are in the education sector, you may wonder what nation states and threat actor groups you should be concerned about, or where you need to focus your resources to reduce risk of an intrusion and theft of intellectual property.

Strategic threat intelligence is invaluable, incorporating expert opinions and insights that are based on aggregating both operational and tactical intelligence from known cyber-attacks.

By leveraging this data, organisations are better positioned to trade punches with tomorrow’s threats.

Information Security Buzz

You Migh Also Read: 

Does Fake News Affect Threat Intelligence?:

Employees Are Still The Cause Of Most Cyber Breaches:

 

 

« Cybercrime Costs Londoners £26m Every Month
Cambridge Analytica Claim To Sway Elections With Facebook Data »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

IONU Security

IONU Security

IONU offer a security platform focused specifically on providing Data-centric Security.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA) offer commercial insurance services including Cyber Liability insurance.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

Protected Media

Protected Media

Protected Media’s advanced cybersecurity ad fraud solution guards you against current and emerging threats across Connected TV, Display and Video advertising.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

TeKnowledge

TeKnowledge

TeKnowledge enables governments and enterprises around the world to navigate the challenges with digital transformation today and tomorrow with elite cybersecurity protection and managed services.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.