About Strategic Threat Intelligence

Threat intelligence is a category of intelligence that focuses on information security. As defined by Gartner, it is “evidence-based knowledge…about an existing or emerging menace or hazard…to inform decisions regarding the subject’s response to that menace or hazard.”

Essentially, threat intelligence provides you with curated information to inform you about potential malicious activity and helps you make better decisions about how to prevent bad things occurring to you or your organisation.

In order to sustain a strong security posture, an organisation must develop and answer questions specific to the business, many of which must be answered continually as situations and environments evolve.

Questions such as: will bringing in additional security solutions really give that much more additional protection? Is updating each and every legacy system worth the cost? Who are my enemies and how might they attack me? Threat intelligence helps organisations to tackle these questions and make more informed decisions with context.

There are generally three ’levels’ of cyber threat intelligence: strategic, operational and tactical, which serve different functions.

  • Strategic intelligence (who/why)
    Focuses on assessing and mitigating current and future risks to businesses. As an example, a corporation releasing a new product or completing a merger will want to understand not only the potential impact but also the associated risks with the activity. This is particularly useful for CISOs and executive leadership who must justify budgets and make well informed investment decisions.
  • Operational intelligence (how/where)
    Helps fuel meaningful detection, incident response and threat hunting programs. This level of intelligence enables information security teams to identify patterns in attacks, from which logical system rules can be developed that can then detect specific indicators of malicious activity.
  • Tactical intelligence (what)
    Provides a reference material for analysts to interpret and extract context for use in defensive operations. This intelligence comes in the form of Indicators of Compromise (IOCs), which include items such as domains or IPs. Indicators are often changed quickly though, meaning that it is important for operational and strategic intelligence to also be incorporated into decisions.

The combination of these different levels of threat intelligence give security teams the ability to know how to proactively and reactively respond to risks. This includes what solutions to use, how they should be leveraged, and even just who to keep an eye on.

A Further look into Strategic Threat Intelligence

Strategic intelligence gives the bigger picture, looking at how threats and cyber-attacks are changing over time. Common focuses of strategic intelligence include historical trends, motivations, or attributions as to who is behind an attack.

With strategic intelligence, you can answer questions like who is attacking your organisation and why?? Why are you within scope for an attack? What major trends are happening? What can you do to reduce your risk profile? All of this helps to profile your adversaries and provide clues to their future operations and tactics.
All of this makes strategic intelligence a solid starting point for deciding which defensive measures will be most effective.

This gives insight into the following:

  • Targeting trends for industry sectors and geographies
  • Major attacker Tactics, Techniques and Procedures (TTP) changes over time
  • Attribution for intrusions and data breaches
  • Mapping cyber-attacks to geopolitical conflicts and events (South China Sea, Arab Spring, Russia-Ukraine)
  • Threat actor group trends
  • Global statistics on breaches, malware and information theft
  • Carrying out a thorough risk analysis and review of the entire technology supply chain
  • Informing your executive leadership about high risk threat actors, relevant risk scenarios, and threat exposure in the public-facing technology sphere and criminal underground
  • Learning which commercial ventures, vendors, partners, and technology products are most likely to increase or decrease risk to your enterprise environment

For example, if you are in the education sector, you may wonder what nation states and threat actor groups you should be concerned about, or where you need to focus your resources to reduce risk of an intrusion and theft of intellectual property.

Strategic threat intelligence is invaluable, incorporating expert opinions and insights that are based on aggregating both operational and tactical intelligence from known cyber-attacks.

By leveraging this data, organisations are better positioned to trade punches with tomorrow’s threats.

Information Security Buzz

You Migh Also Read: 

Does Fake News Affect Threat Intelligence?:

Employees Are Still The Cause Of Most Cyber Breaches:

 

 

« Cybercrime Costs Londoners £26m Every Month
Cambridge Analytica Claim To Sway Elections With Facebook Data »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Verve Industrial

Verve Industrial

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

DG Technology

DG Technology

DG Technology is a customer-centric technology expert and business consultant that delivers services and products to minimize your information security, compliance, and business risks.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

Virsec Systems

Virsec Systems

Virsec detects and remediates previously “indefensible” advanced memory-based attacks on critical applications and server endpoints.

Fair Isaac Corporation (FICO)

Fair Isaac Corporation (FICO)

FICO provides analytics software and tools used across multiple industries to manage risk, fight fraud, optimize operations and meet strict government regulations.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

Inceptus

Inceptus

Inceptus is a next generation Managed Security Service Provider (MSSP). We are dedicated to keeping our customers safe, secure and protected while doing business on the Internet.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

Winmill Software

Winmill Software

Winmill is a technology services company that provides expert consulting services in Application Development, Application Security and Cyber Security.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

Quotient

Quotient

Quotient builds digital experiences that empower and inspire the American people by understanding their needs, simplifying complex technical solutions and adapting to how they work, live and learn.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.