Cyber threat intelligence

From ACT Wiki


Cyber threat intelligence is the assessment, validation and reporting of information on current and potential cyber threats.

Cyber threat intelligence is undertaken to maintain and improve an organisation’s cyber security awareness and cyber risk management responses.


Three categories of cyber threat intelligence
"Threat intelligence (TI) comes in multiple formats but you can group it into three broad categories.
The actual extent of its use depends on available tools and resources in the Security Operations Centre (SOC).
In an ideal situation, a SOC will make use of all types of TI.


(1) Indicator of Compromise (IoC):
At the lowest level, there are open source TI feeds that will provide indicators of compromise.
This will include things like known bad IP addresses, domains, hashes and strings, all of which can be compared with your logs.
A match would indicate the system is interacting with a known bad IoC.
There are many IoC feeds that can be used and ingested into monitoring solutions.


(2) Tactics, Techniques and Procedures (TTPs):
Slightly more abstract than IoCs, qualitative TI will often refer to attacker TTPs, which can be invaluable in creating behavioural analytics.
For example, a certain threat actor that is relevant to your organisation has been taking advantage of a couple of specific system tools to perform privilege escalation.
This kind of information, when used correctly, can be turned into detection use-cases.


(3) Situational:
Far more abstract information that might be useful in directing research and development, or the refinement of SOC strategies.
This would typically include information on trends and geopolitical situations."
Source: Building a Security Operations Centre - threat intelligence, UK National Cyber Security Centre.
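As an added illustration of the IoC matching described in category (1) above (this code is not from the ACT Wiki page or the NCSC guidance), a small Python matcher loads a constructed CSV feed of bad IP addresses, domains and file hashes and checks constructed proxy and endpoint log lines against it. The feed format, the log formats and every indicator value are assumptions made up for the example.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed 64-hex-character "hash" standing in for a feed entry; not a real file hash.
BAD_HASH = "0badc0ffee" + "0" * 46 + "deadbeef"

# Constructed IoC feed in an assumed type,value,source CSV layout. None of these are real indicators.
IOC_FEED = f"""type,value,source
ip,203.0.113.42,example-feed
domain,bad-updates.example,example-feed
sha256,{BAD_HASH},example-feed
"""

# Constructed log lines: three proxy events and one endpoint (EDR) file event.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z proxy client=10.0.0.5 dst=203.0.113.42 host=cdn.example.org status=200",
    "2024-05-01T10:00:07Z proxy client=10.0.0.9 dst=198.51.100.7 host=bad-updates.example status=302",
    f"2024-05-01T10:01:13Z edr host=ws-17 file=C:\\Users\\a\\svc.exe sha256={BAD_HASH}",
    "2024-05-01T10:02:00Z proxy client=10.0.0.5 dst=192.0.2.8 host=intranet.example.org status=200",
]

# Patterns used to pull candidate indicators of each type out of free-text log lines.
PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
}


def load_feed(text):
    """Parse the CSV feed into {ioc_type: {value: source}}; values are lower-cased so matching is case-insensitive."""
    feed = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(text)):
        feed[row["type"].strip()][row["value"].strip().lower()] = row["source"].strip()
    return feed


def match_logs(lines, feed):
    """Return (line_no, ioc_type, value, source) for each log line that contains a feed indicator."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for ioc_type, pattern in PATTERNS.items():
            candidates = {m.group(0).lower() for m in pattern.finditer(line)}
            for token in sorted(candidates):
                if token in feed.get(ioc_type, {}):
                    hits.append((line_no, ioc_type, token, feed[ioc_type][token]))
    return hits


if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOGS, load_feed(IOC_FEED)):
        print("IoC match: line %d %s=%s (source: %s)" % hit)
```

Lines 1 to 3 each produce one match (the IP, the domain and the hash respectively); line 4 produces none. In a real SOC the same logic runs inside the monitoring platform against every ingested feed, and a match is a lead to investigate rather than proof of compromise.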

