{"id":378,"date":"2019-11-06T10:04:31","date_gmt":"2019-11-06T17:04:31","guid":{"rendered":"http:\/\/access-solutions.com\/?p=378"},"modified":"2019-11-06T10:05:22","modified_gmt":"2019-11-06T17:05:22","slug":"using-threat-intelligence-to-protect-the-enterprise","status":"publish","type":"post","link":"http:\/\/access-solutions.com\/index.php\/2019\/11\/06\/using-threat-intelligence-to-protect-the-enterprise\/","title":{"rendered":"Using Threat Intelligence to Protect the Enterprise"},"content":{"rendered":"\n<p>If you are involved in Information Security in almost any\nway, you have probably heard the term \u201cthreat intelligence\u201d. There are many\nmisconceptions about what it truly is: that it is just data feeds or high-priced\nresearch analysis subscriptions, or that you need a dedicated team of SOC\nanalysts to implement threat intelligence effectively. All of these notions are\nfalse.<\/p>\n\n\n\n<p>Instead, threat intelligence includes information and\nanalysis from a wide variety of sources, presented in a meaningful way for your\norganization. If properly used, it can be tremendously valuable and can be\nhandled by your existing security staff, with the right tools and support.<\/p>\n\n\n\n<p>Threat intelligence focuses on six distinct phases that\nmake up the \u201cintelligence cycle\u201d.<\/p>\n\n\n\n<p><strong>Direction<\/strong> \u2013 This phase sets the goals for your threat\nintelligence program, defining the assets and business processes that need to\nbe protected. Defining the impact of losing those assets and setting\npriorities for what to protect are key to this phase. Another component of\nthis phase is determining the types of intelligence data needed to protect the\norganization.<\/p>\n\n\n\n<p><strong>Collection<\/strong> \u2013 This is the process of gathering the\nnecessary information, including logs and metadata from the networks, servers\nand security devices. 
Subscribing to appropriate threat data feeds and\nmaintaining awareness of industry news and cybersecurity events and incidents\nare also required. In other words, if you don\u2019t know what is happening in the\nworld around you, it could be happening to you, right under your nose.<\/p>\n\n\n\n<p><strong>Processing<\/strong> \u2013 This is the process of putting the\ncollected information and data into a format usable by your security team. Since\nthe data collected comes from different sources, in different formats, it needs\nto be assembled into a format that can be used by your organization.<\/p>\n\n\n\n<p><strong>Analysis<\/strong> \u2013 This phase turns the\nprocessed data and information into actionable items that can inform decisions.\nThese decisions or actions include investigating possible threats, taking\naction to block emerging threats or strengthening security controls. Critical\nto the analysis is presenting the intelligence data in a format that is easy for\nthe appropriate recipients to understand and use.<\/p>\n\n\n\n<p><strong>Dissemination<\/strong> \u2013 This phase involves getting the\ncompleted intelligence data to the appropriate parties and users. This includes\nchoosing the proper format and medium for disseminating the information.<\/p>\n\n\n\n<p><strong>Feedback<\/strong> \u2013 Regular feedback is required to ensure\nthat the evolving requirements of the users of the intelligence data are\nsatisfied and the appropriate adjustments and changes to the data sources and\noutputs are made.<\/p>\n\n\n\n<p>Without the right tools, security staff will spend their\ntime on the mundane tasks of collecting and then processing the information and\ndata, instead of analyzing the data and developing actionable plans and\ntasks to enhance security. 
Using existing security tools, such as SIEMs, in\nconjunction with analytic tools will help streamline workflows and processes,\nallowing staff to focus on intelligence outputs instead of manual processes to\ndevelop and create the data. With the appropriate tools, most organizations can\ndevelop an intelligence program with existing staff and resources and make\nthose security team members more effective in their ongoing functions and\ntasks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are involved in Information Security in almost any way, you have probably heard the term \u201cthreat intelligence\u201d. There are many misconceptions about what it truly is: that it is just data feeds or high-priced research analysis subscriptions, or that you need a dedicated team of SOC analysts to implement threat intelligence effectively. All of these notions are false. Instead, threat intelligence includes information and analysis from a wide variety of sources,&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9],"tags":[11],"_links":{"self":[{"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/posts\/378"}],"collection":[{"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/comments?post=378"}],"version-history":[{"count":1,"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/posts\/378\/revisions"}],"predecessor-version":[{"id":379,"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/posts\/378\/revisions\/379"}],"wp:attachment":[{"href":"http:\/\/access-solutions.com\/index.
php\/wp-json\/wp\/v2\/media?parent=378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/categories?post=378"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/access-solutions.com\/index.php\/wp-json\/wp\/v2\/tags?post=378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}