Threat Intelligence Program is a set of people, process and technology which enables you to proactively Identify, collect, enrich and analyze threat information, strategic and tactical, so that your organization is ever ready to defend and respond to any kind of cyber attacks. Threat intelligence as applied in conventional security is any information that helps you tune your security defenses, build an effective response program for any contingency and also if required take preemptive measures to neutralize any looming threats. Key characteristics of any threat intelligence is that they should be timely, actionable and relevant to your organization. Threat intelligence gives out information about the attackers, their motivations, their tactics, techniques and procedure. This information and other contextual information when correlated gives out a better picture of the threats, vulnerabilities, and their impact. Threat intelligence helps you prioritize risk against your organizations and also helps in preparing a security road-map for future security investments.
Key Use Cases
Deeper Insight into artifacts related to IOCs found on their network. A threat intelligence service eliminates the need to manually research, gather and analyze volumes of threat information from multiple sources, mainly across the Internet.
Current defensive protocols may be adjusted prior to an attack
Future planning is relevant to the emerging threat based on risk & its potential impacts relevant to your organization
Streamline patch management program:
Prioritize vulnerability management activities based on risk criteria & its impact
Develop case studies for use during internal incident response training exercises and business continuity management efforts
Explore new zero-day exploits/new malware variants and vulnerabilities, monitor direct attacks against an organization
Real time alerts enable timely action, Monitor unauthorized information disclosure including credentials etc.
Security architecture planning:
Provide security related inputs into architectural and procurement decisions
Better understand the business impact by relating incident artifacts to threat actor profiles
Do let me know if you want us to add or modify any of the listed key use cases.
Check out the Threat Intelligence market within FireCompass to get more information on these markets.