Threat Intelligence is evidence-based information about cyber attacks that cyber security experts organize and analyze. This information may include:
There are different types of threat intelligence, from high-level, non-technical information to technical details about specific attacks. Here are a few different kinds of threat intelligence:
Threat intelligence and cyber threat tools help organizations understand the risks of different types of attacks, and how best to defend against them. Cyber threat intelligence also helps mitigate attacks that are already happening. An organization’s IT department may gather its own threat intelligence, or they may rely on a threat intelligence service to gather information and advise on best security practices. Organizations that employ software defined networking (SDN) can use threat intelligence to quickly reconfigure their network to defend against specific types of cyber attacks.
Threat intelligence allows organizations to be proactive instead of reactive when it comes to cyber attacks. Without understanding security vulnerabilities, threat indicators, and how threats are carried out, it is impossible to defend against cyber attacks effectively. Threat intelligence can prevent and contain attacks faster, potentially saving businesses hundreds of thousands of dollars. Threat intelligence can augment enterprise security controls at every level, including network security.
Security personnel can often find indications that an attack is happening or has happened, if they are looking in the right places for unusual behavior. Artificial intelligence can help tremendously with this effort. Some commons IOCs include:
A variety of threat intelligence tools are for sale or available at no cost through the open source community. They all have slightly different approaches to threat intelligence gathering:
Organizations that are aware of emerging threats and know how to avoid them can take action to prevent an attack before it happens. Gathering and reviewing threat intelligence should be part of the enterprise security strategy for every organization.