Intelligence is information that can be acted upon to change outcomes.
Cyber Threat Intelligence (CTI) is organized, analyzed and refined information about potential attacks threatening an organization. CTI is any form of information that may help an organization to identify, assess, monitor and respond to cyber threats and attacks. It is used to prevent current and future threats, including the most common and severe threats, as well as in-depth information about threats that are specific to the organization.
By deploying highly-automated CTI solutions, the organization will be able to protect itself from the types of attacks that could do the most damage. Implementing CTI in a company consumes a lot of manpower and time. The organization must evaluate the right sources for information on CTI and constantly update them to ensure trouble-free function in all aspects.
CTI is divided into four subtypes: 1. Strategic, 2. Tactical, 3. Technical and 4. Operational (Fig 1).
1. Strategic Threat Intelligence is consumed by high-level strategists within an organization. It gives insight into changing threat levels from different sources.
E. g. information published by a CTI Provider about the general growth of malware infections (Fig 2) or information about which platforms (Office, Flash, Android, Java, Browsers, PDF) are targeted. It normally contains no information about specific techniques or codes.
2. Tactical Threat Intelligence is information about how threat actors conduct threats. Tactical Threat Intelligence is consumed by defenders and responders in order to ensure that defenses, alerts and investigation are prepared for current attacks. The source for Tactical Threat Intelligence are white papers, technical press or communication with peers and other organizations.
E. g. a feed of a CTI Provider publishing which domains have been taken over by spreading malicious code.
3. Technical Threat Intelligence is information consumed through technical means (e.g., a feed of blacklisted IP addresses that can be imported to firewalls) and has a short lifetime as attackers can easily change IP adresses or checksums.
4. Operational Threat Intelligence is information about a specific impending attack (e.g., the Yatron virus or Bluekeep, Fig 3) against your organization and is normally directed to higher-level security staff. Such critical information about a direct current attack requires instant reaction.
As you can see, CTI is a wide field of gathering, consuming and correlating data, which is highly labor-intensive and challenging.
Our service provides your organization with essential and up-to-date information on potential attack sources relevant to your business. We help you to develop your own CTI to give you the most current and effective tools to defend your organization.