Blog Date: 2/26/2017
Author: Ray Coulombe

What was once reserved for the most top-secret conservations is now available to a larger group of people. Cyber threat intelligence is a strategic and operational procedure to fuel many processes and risk management decisions. It also needs to fit your audience because cyber threat intelligence means different things to different people within your company.

Here’s our breakdown of what this means:

Threat intel is presented through Indicators of Compromise (IoCs) or threat feeds. This requires organizations to understand themselves and the adversary in order to make sense of information. If the company doesn’t understand its assets, personnel, administration, and infrastructure, how can it know where there might be opportunity for attacks?

Threat intelligence is analyzed information about the intent, opportunity, and capability of malicious actors. The information has to go through the intelligence lifecycle: plan, collect, process, produce, and disseminate information. Taking this data and applying it to helping identify major threats is how to start looking at this intelligence.

This makes the planning phase vital: If an organization is receiving threat intelligence but doesn’t know how to identify what information is applicable, the intel is useless. The ability to produce or consume threat intelligence tailored to your organization can provide actionable strategic choices to greatly impact security.

So who has a role in cyber intelligence throughout your company? Here are some key roles within the organization that should use cyber threat intelligence.

Defenders
Cyber Threat Intelligence (CTI) adds value to your incident response process. Proactively, CTI helps defenders plan for possible security breaches. Defenders can ensure they have the right plan to put into action if necessary, when provided the right information. From a reactionary perspective, defenders have to research and understand what happened after a breach occurs. How did the attack happen? What was exploited? What paths are at stake? With CTI, defenders can answer these questions.

Vulnerability Management Teams
Threat intelligence can provide insights into what controls mitigate a specific vulnerability. They also help you to understand if you’re applying the right resources to the right controls. Applying finished threat intelligence to daily cyber security processes improves decision-making and focus when it comes to vulnerability remediation.

Threat Analysts
The best threat analysts always have intel and security expertise. Strategic threat intel provides the big picture in terms of trends to focus on based on how others are being impacted by specific threats. Operational intel provides high-level analysis and understanding. What path did an adversary use to gain access? Are we well positioned from a cyber security perspective? Why or why not?

Executives and BoD’s
Business executives generally do not understand the details of cyber security; they care about managing risk to their organization. Strategic threat intelligence can help them understand the risk generated by a defined threat: What’s the impact? What resources are needed to reduce risk to an acceptable level? Ultimately strategic and operational threat intelligence should be used by many different roles in your organization to make more informed decisions around risk management, threat prevention and incident response. It’s about all team members making sound decisions at every level in the process to avoid threats.