Threat intelligence
Threat intelligence is the "cyclical practice" of planning, collecting, processing, analyzing and disseminating information about threats to applications and systems. It collects information in real time to show the threat landscape and identify threats to a computer, application or network. This information is gathered from a number of sources and compiled into a single database, giving visibility into vulnerabilities and exploits that threat actors are actively using on the internet (in the wild). Threat intelligence is not to be confused with vulnerability management.
Platforms exist that automate threat intelligence. They are commonly referred to as Threat Intelligence Platforms, or "TIPs". Security analysts use these platforms for their data collection and automation.
A threat intelligence platform is typically used by Security Operations Center (SOC) teams for day-to-day threat response and for events as they occur. Generalized threat intelligence teams use the platform to make educated predictions based on actors, campaigns, industry targets and platform (network, application, hardware) targets. Management and executive teams use the platform for reporting and for sharing data at a high level to better understand their threat posture.
A TIP is a packaged product that obtains information from multiple sources and automates intelligence work by collecting and managing that information and integrating with various platforms. Anomali provides a threat intelligence model based on its intelligence platform.
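The collect, process and analyze steps described above can be shown in a short sketch. This is an added example, not code from any TIP product: the two feeds, their field names and the events are constructed, and the functions `collect`, `build_store` and `match_events` are hypothetical names chosen for illustration.

```python
import csv, io, ipaddress, json
from datetime import datetime, timezone

# Constructed sample feeds: documentation-range IPs and example.com names only.
FEED_CSV = ("indicator,type,last_seen\n"
            "198.51.100.7,ip,2020-06-01T10:00:00Z\n"
            "Bad.Example.com,domain,2020-06-02T08:30:00Z\n")
FEED_JSON = json.dumps([
    {"value": "198.51.100.7", "kind": "ipv4", "seen": "2020-06-03T12:00:00Z"},
    {"value": "bad.example.com.", "kind": "hostname", "seen": "2020-05-30T00:00:00Z"},
    {"value": "203.0.113.99", "kind": "ipv4", "seen": "2020-06-04T09:00:00Z"}])
# Constructed events standing in for what a SOC would pull from its logs.
EVENTS = [{"id": 1, "dst_ip": "198.51.100.7"},
          {"id": 2, "query": "BAD.example.com"},
          {"id": 3, "dst_ip": "192.0.2.10", "query": "intranet.example.org"}]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize(value, kind):
    """Map feed-specific type names and spellings onto one canonical key."""
    kind = {"ipv4": "ip", "hostname": "domain"}.get(kind, kind)
    if kind == "ip":
        return kind, str(ipaddress.ip_address(value.strip()))
    return kind, value.strip().rstrip(".").lower()

def collect():
    """Collection: yield (source, value, kind, seen) from each feed format."""
    for row in csv.DictReader(io.StringIO(FEED_CSV)):
        yield "feed_csv", row["indicator"], row["type"], parse_ts(row["last_seen"])
    for item in json.loads(FEED_JSON):
        yield "feed_json", item["value"], item["kind"], parse_ts(item["seen"])

def build_store():
    """Processing: merge duplicates into one record per indicator."""
    store = {}
    for source, value, kind, seen in collect():
        rec = store.setdefault(normalize(value, kind),
                               {"sources": set(), "first_seen": seen, "last_seen": seen})
        rec["sources"].add(source)
        rec["first_seen"] = min(rec["first_seen"], seen)
        rec["last_seen"] = max(rec["last_seen"], seen)
    return store

def match_events(store, events):
    """Analysis: return (event id, indicator, number of corroborating feeds)."""
    hits = []
    for ev in events:
        for kind, field in (("ip", "dst_ip"), ("domain", "query")):
            key = normalize(ev[field], kind) if field in ev else None
            if key in store:
                hits.append((ev["id"], key[1], len(store[key]["sources"])))
    return hits
```

Normalizing before merging is what lets the same indicator, reported with different casing or type names by different feeds, end up as one record with several corroborating sources.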
External links
- https://dl.acm.org/doi/10.1145/3243734.3243829
- https://www.darkreading.com/threat-intelligence.asp
- https://securityintelligence.com/posts/chess-entropy-patterns-threat-intelligence-models/
- https://patents.google.com/patent/US8813228B2/en
- https://dl.acm.org/doi/abs/10.1145/3243734.3243829
- https://pennstate.pure.elsevier.com/en/publications/network-security-situation-awareness-framework-based-on-threat-in
- http://stixproject.github.io/about/STIX_Whitepaper_v1.1.pdf
- https://ieeexplore.ieee.org/abstract/document/7568916
- Data security
- Information technology