by Marc French

Senior Vice President & Chief Trust Officer

Posted Jan 02, 2019

Cyber threat intelligence isn’t just for the 1%.

If you’re in cybersecurity, odds are you’ve heard a lot about threat intelligence these last few years. But unless you’re part of an organization with a massive budget for cybersecurity, you probably haven’t had the chance to put threat intelligence into practice, or maybe even to fully explore what it is (and isn’t).

The truth is, threat intelligence isn’t just for the 1%. It’s for everyone, and we’re here to help set you on your way to success.

We’re pleased to introduce a new eight-part blog series titled Threat Intelligence for the 99%. In this series we’ll dive deep into all topics surrounding threat intelligence, what it means and how to approach it depending on the needs and resources of your organization.

In this first post, Explaining the Issue, we’ll get through a series of definitions to set the table for how any organization—regardless of staff, budget or technical security expertise—can approach cyber threat intelligence. Let’s get started with the basics.

What is a cyber threat?

The U.S. National Institute of Standards and Technology (NIST) defines a cyber threat as: “any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.”

What is cyber threat information?

NIST also defines cyber threat information as “any information that can help an organization to identify, assess, monitor and respond to cyber-threats. Examples of cyber-threat information include indicators (system artifacts or observables associated with an attack), tactics, techniques and procedures, security alerts, threat intelligence reports, and recommended security tool configurations.”

What is intelligence?

The Oxford English Dictionary defines intelligence as “the ability to acquire and apply knowledge and skills,” and “the collection of information of military or political value.”

What is cyber threat intelligence?

The SANS Institute calls cyber threat intelligence (or CTI): “the analysis of an adversary's intent, opportunity, and capability to do harm is known.” It goes on to say: “Intelligence is not a data feed, nor is it something that comes from a tool. Intelligence is actionable information that answers a key knowledge gap, pain point, or requirement of an organization. This collection, classification, and exploitation of knowledge about adversaries gives defenders an upper hand against adversaries and forces defenders to learn and evolve with each subsequent intrusion they face.”

A History Lesson on Intelligence

Intelligence from a military and strategic point of view goes back millennia. According to the New World Encyclopedia (NWE), spying is mentioned in Homer’s Iliad and the Bible. The Roman Empire used spies across the world to gather information about neighboring nations and their people. In ancient China, theoretical works on information gathering were written around 500 BC.

The NWE goes on to say:

“As governments became more organized, so did their militaries and military intelligence systems, eventually evolving into the complex and multi-faceted organizations of today. Technological advancements such as radio led to advancements in areas like cryptography, as well as more advanced systems to intercept and decode messages. [Military Intelligence] has fueled many technological advances; the first world-wide computer network, for example, was not the internet, but the international network connecting surveillance stations.”

As the battlefield evolved in the 1980s and 1990s from fields and oceans to the cyber realm, the military evolved their intelligence capabilities to include the production of intelligence within the cyber sphere. This eventually led to the founding of military cyber commands in the 2000s.

Soon after this, there was a recognition that the intelligence gleaned from these military applications had actionable defensive and protective value to the private sector. At this point, CTI was born. It would grow to serve as a foundational element of many large organizations’ defensive and response strategies in the 2010s.

As we look to the 2020s, the growth in machine learning and artificial intelligence will drive cost and resource requirements down far enough for smaller organizations to reap all the benefits that CTI can provide.

Intelligence = Action

So, what does all this mean for you?

You can distill this down to three major themes:

  1. All organizations, regardless of size, industry, or geography, will have threats to their infrastructure, assets and people. There is no escaping this.
  2. Data about these threats is available from a variety of sources, and the mechanisms to consume and triage it will get easier over time.
  3. The collection and interpretation of this data to drive an action is the essence of intelligence. Without an action, all you have is a great story to tell, but you are not really impacting the defensive posture of your organization.

Join us for the next part of the series as we take a look at why doing CTI is so important today and in the future.

Want to learn more about how to boost your threat intelligence program? Come see us at RSA Conference at the Moscone Center in San Francisco at Booth 935 from March 4-8.

Here are the rest of the posts in this series:

Part 2: Why is CTI Important?

Part 3: When is CTI Needed?

Part 4: What CTI Approach Do You Take?

Part 5: Building Your Own - CTI Feeds

Part 6: Building Your Own - CTI Tools

Part 7: Building Your Own - Stitching It Together

Part 8: Final Thoughts & Takeaways
