Cyber Threat Intelligence
Cyber Threat Intelligence (CTI) is the information organizations use to protect themselves proactively against threats. It draws on sources such as an organization's own network logs and incident response records, open-source intelligence (OSINT) from publicly available resources, government advisories such as those issued by the FBI, information sharing and analysis centers (ISACs), and dark web intelligence (Palo Alto Networks, 2024).
There are three types of cyber threat intelligence: strategic, tactical, and operational. Strategic intelligence seeks to understand the intentions and capabilities of threat actors. It is non-technical information that high-level decision makers within organizations use to create risk management strategies and programs.
Tactical intelligence seeks to understand how threat actors would attack an organization. It focuses on their tactics, techniques, and procedures (TTPs).
Operational intelligence concerns real-time data about specific incoming attacks. It can be used in incident response and to thwart likely attacks. Note that vendors draw these boundaries differently: some treat atomic indicators of compromise (IP addresses, domains, file hashes) as a separate technical tier, and some swap the labels for the tactical and operational tiers, so check the definition a given source uses before comparing reports.
In a threat intelligence program, once the purpose and objectives have been defined and the threat intelligence team has started collecting data, the process moves through four further steps: processing, analysis, dissemination, and feedback (SentinelOne, 2024).
In the processing phase, the data is normalized into uniform formats, indexed for searching, filtered to remove duplicates and false or low-quality data, prioritized, and organized according to analysts' needs (Chowdhury, 2024).
In the analysis phase, the data is examined in depth to identify patterns, trends, and potential threats and to uncover hidden insights through a range of analytic techniques. Once analyzed, the resulting actionable intelligence is tailored to specific audiences and then disseminated to the relevant stakeholders: executives, Security Operations Centers (SOCs), and incident response teams.
To continually improve and refine the intelligence provided, a feedback loop captures input from key stakeholders on its value and relevance.
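The processing and analysis steps above are easier to see in code than in prose. The following is an added example, not code from the page or from any of the cited vendors: two constructed indicator feeds arrive in different formats (a hypothetical CSV feed "feed_a" and a hypothetical JSON feed "feed_b"), are normalized to one record shape, deduplicated, screened against a constructed allow-list of known-benign values, ranked by confidence and cross-feed corroboration, and finally matched against constructed log lines, which is the operational use the page describes. All feed contents, log lines, and the allow-list are made up for the example.

```python
import csv
import io
import json
import re

# Constructed feed A (hypothetical CSV source with its own column names).
FEED_A_CSV = """indicator,kind,conf
198.51.100.23,ip,80
evil-update.example,domain,60
198.51.100.23,ip,75
8.8.8.8,ip,40
"""

# Constructed feed B (hypothetical JSON source with a different schema and
# word-based confidence levels).
FEED_B_JSON = json.dumps([
    {"value": "198.51.100.23", "type": "ipv4-addr", "confidence": "high"},
    {"value": "EVIL-UPDATE.example", "type": "domain-name", "confidence": "medium"},
    {"value": "203.0.113.7", "type": "ipv4-addr", "confidence": "low"},
])

# Constructed log lines to check the finished intelligence against.
LOG_LINES = [
    "2024-05-01T10:00:01Z fw allow src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2024-05-01T10:00:02Z dns query host=Evil-Update.example from=10.0.0.5",
    "2024-05-01T10:00:03Z fw allow src=10.0.0.6 dst=8.8.8.8 dport=53",
    "2024-05-01T10:00:04Z dns query host=updates.example from=10.0.0.7",
]

# Values known to be benign in this environment; ingesting them would only
# generate false positives (constructed allow-list).
ALLOWLIST = {("ip", "8.8.8.8")}

# Map each feed's type names and confidence scale onto one scheme.
TYPE_MAP = {"ip": "ip", "ipv4-addr": "ip", "domain": "domain", "domain-name": "domain"}
CONF_WORDS = {"high": 90, "medium": 60, "low": 30}


def parse_feed_a(text):
    """Normalize feed A's CSV rows into the uniform record shape."""
    for row in csv.DictReader(io.StringIO(text)):
        yield {"type": TYPE_MAP[row["kind"]],
               "value": row["indicator"].strip().lower(),
               "confidence": int(row["conf"]),
               "source": "feed_a"}


def parse_feed_b(text):
    """Normalize feed B's JSON objects into the same record shape."""
    for item in json.loads(text):
        yield {"type": TYPE_MAP[item["type"]],
               "value": item["value"].strip().lower(),
               "confidence": CONF_WORDS[item["confidence"]],
               "source": "feed_b"}


def process(records):
    """Processing phase: drop allow-listed values, merge duplicates within and
    across feeds, keep the highest confidence seen, and rank the result."""
    merged = {}
    for rec in records:
        key = (rec["type"], rec["value"])
        if key in ALLOWLIST:
            continue
        entry = merged.setdefault(key, {"type": rec["type"], "value": rec["value"],
                                        "confidence": 0, "sources": set()})
        entry["confidence"] = max(entry["confidence"], rec["confidence"])
        entry["sources"].add(rec["source"])
    for entry in merged.values():
        # Corroboration by a second independent feed outweighs one feed's self-reported score.
        entry["priority"] = entry["confidence"] + 20 * (len(entry["sources"]) - 1)
    return sorted(merged.values(), key=lambda e: e["priority"], reverse=True)


def build_indicators():
    """Collection plus processing: both constructed feeds, normalized and ranked."""
    return process(list(parse_feed_a(FEED_A_CSV)) + list(parse_feed_b(FEED_B_JSON)))


IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")


def match_logs(indicators, log_lines):
    """Operational use: index the finished indicators and flag any log line
    that contains one. Returns (line, matched indicator) pairs."""
    index = {(i["type"], i["value"]): i for i in indicators}
    hits = []
    for line in log_lines:
        low = line.lower()
        candidates = [("ip", v) for v in IP_RE.findall(low)]
        candidates += [("domain", v) for v in HOST_RE.findall(low)]
        for key in candidates:
            if key in index:
                hits.append((line, index[key]))
    return hits


if __name__ == "__main__":
    iocs = build_indicators()
    for ioc in iocs:
        print(ioc["priority"], ioc["type"], ioc["value"], sorted(ioc["sources"]))
    for line, ioc in match_logs(iocs, LOG_LINES):
        print("HIT", ioc["priority"], ioc["value"], "<-", line)
```

Running it yields three ranked indicators from seven raw rows (the duplicate 198.51.100.23 entries collapse to one, and the allow-listed 8.8.8.8 is dropped) and two log hits; the allow-list is what keeps the third log line, which contains a public resolver, from being flagged.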
For any organization, cyber threat intelligence plays a pivotal role in strengthening its cybersecurity strategy, and there are numerous reasons it is advantageous. By understanding the tactics, techniques, and procedures used in past attacks, organizations can implement appropriate security controls to mitigate future attacks. The same information lets them assess their risk profile and improve their risk management. Threat intelligence improves incident response by helping organizations understand the circumstances of a breach, reduces risk when organizations take a proactive approach to identifying it, and can lower the overall financial burden of security incidents (SentinelOne, 2024).
Beyond improving incident response, threat intelligence supports threat modeling (helping organizations understand their attack surface), tailoring of defenses to observed threat-actor behaviors and tactics, and recognition of known attacks, events, and incidents.
Cyber threat intelligence professionals must act ethically when balancing privacy rights against the desire for threat intelligence, be transparent when sharing information, and comply with applicable laws and regulations.
Attached is a copy of my assignment on the analysis of APT29 (Cozy Bear), a Russian hacker group. In my report, I explain who they are and what they do, before delving into the tools, techniques, and methods that they use for attacks. With this newly gained knowledge, I am expected to safeguard my organization's sensitive data by ensuring that the appropriate security controls are in place.
References:
Chowdhury, S. (2024, January 30). Cyber threat intelligence (CTI): Definitive guide for beginners. Hackers Terminal. https://hackersterminal.com/cyber-threat-intelligence-cti/
Palo Alto Networks. (2024). What is cyberthreat intelligence (CTI)? https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti
SentinelOne. (2024). What is cyber threat intelligence? A comprehensive guide 101. https://www.sentinelone.com/cybersecurity-101/cyber-threat-intelligence/
Reflection
The cyber threat landscape is dynamic and constantly evolving. With the rapid increase in emerging threats, especially those arising from the proliferation of artificial intelligence, organizations are challenged and seek opportunities that would assist them in defending against these threats.
During the CSOL 580 class, I gained a better understanding of what threat intelligence is, how it is gathered, and its importance to businesses and organizations. I also learned that this information is necessary for the operational intelligence in cybersecurity tools. These tools rely on it for knowledge of what to look out for, how to mitigate, and what tactics and techniques they need to employ.
For 2023, 84.7% of organizations were compromised at least once by a cyberattack (CyberEdge Group, 2024). Even though this percentage is lower than the 85.3% for the previous year, it demonstrates the need for organizations and businesses to use threat intelligence for a proactive defense strategy. This information also gives security professionals insight into which threats are the most dangerous, the attack methods used, and what needs to be done for prevention.
The CSOL 580 class provided clarity to my confusion about how collected data evolves into threat intelligence. As we discussed the intelligence lifecycle and examined how the data is processed at each phase, I realized how important it is for cyber intelligence analysts to apply objectivity in this process. Analysts play a significant role in protecting organizations from cyber threats. Hence, it is their professional responsibility to continually monitor the horizon to collect, analyze, create intelligence reports, and disseminate information to businesses and organizations so that they can proactively stay ahead of cyber threats. Cyber threat analysts must also comply with applicable laws. They must balance security needs with respect for individual rights, accountability, and transparency.
References:
CyberEdge Group. (2024). 2024 Cyberthreat Defense Report. ISC2. https://www.isc2.org/-/media/Project/ISC2/Main/Media/Marketing-Assets/Reports/2023_CDR_Report_FINAL2_ISC2.pdf?rev=3e028128a09340158a3f982ca5c6e014&hash=3E161A3562C845B8B07460ACD09B0A2D