From headline news to expensive security feeds and alerts systems, the options for accessing information are far-ranging. A good way to start is to establish “, Analyst Perspective: 2018 Cybersecurity Forecast. Getting data shouldn’t be challenging as there are many sources - open sources, CTI vendors, dark web, ISACs, internal data, etc. GET CYBER INTELLIGENCE STRAIGHT TO YOUR INBOX Tyler and Mona will be releasing an upcoming weekly cyber threat intelligence briefing. It often involves limited application of traditional intelligence analysis techniques. Strategic threat intelligence is what differentiates the professionals from the amateurs. The reason is that there often remains a divide between the technical and the business side of organizations, where cyber risk management is not yet ingrained into the business strategy. The briefing is a succinct review of the preceding week’s top cyber threat trends and developments, accompanied by key takeaways for security and leadership teams. Intelligence analysts identify intelligence gaps during the analysis phase. This level of intel should help inform business decisions regarding cyber risks and the implication of threats to the organization. In cyber threat intelligence, analysis often hinges on the triad of actors, intent, and capability, with consideration given to their tactics, techniques, and procedures (TTPs), motivations, and access to the intended targets. By studying this triad it is often possible to make informed, forward-leaning strategic, operational, and tactical assessments. Ever since Mandiant broke the veritable geopolitical glass ceiling with its report on APT1, the industry has been on an unending quest to reach to holy grail of CTI: its strategic dimensions. Have any of our partners or those in our supply chain suffered a cyber-attack? Security professionals can use strategic threat intelligence to help justify security spending decisions and to realign budgets to address the right areas of focus when it comes to cyber risk. Instead of just reaching conclusions about difficult questions, intelligence analysts think about how they reach the conclusions. Over the next several years the inclusion of cyber threat intelligence into SLTT government operations will become increasingly important, as all levels and employees are forced to respond to the cyber threat. Strategic cyber threat intelligence forms an overall picture of the intent and capabilities of malicious cyber threats, including the actors, tools, and TTPs, through the identification of trends, patterns, and emerging threats and risks, in order to inform decision and policy makers or to provide timely warnings. This analysis resulted in the identification of intelligence gaps: who were the actors defacing the printer servers? In this cycle requirements are stated; data collection is planned, implemented, and evaluated; the results are analyzed to produce intelligence; and the resulting intelligence is disseminated and re-evaluated in the context of new information and consumer feedback. Intelligence analysis relies on a rigorous way of thinking that uses structured analytical techniques to ensure biases, mindsets, and uncertainties are identified and managed. ‘One of the practices I've seen work really well is organisations that are able to communicate with neighbouring businesses and industry,’ he notes, ‘that's essentially the idea of going out and asking your neighbours: What are you seeing? How are they being accomplished? That new information was analyzed and turned into a series of publications providing additional intelligence on this trend. According to S-RM’s Director of Cyber Incident Response in London, Tyler Oliver, a good place to start for any organisation looking to build up a cyber threat intelligence capability for the first time is within intelligence community platforms. It requires that analysts identify similarities and differences in vast quantities of information and detect deceptions to produce accurate, timely, and relevant intelligence. In an April 2017 Forrester report titled “, Strategic threat intelligence can help you reset the corporate culture, shifting cybersecurity accountability from its own silo and elevating cyber risk understanding and decision-making to both technical and business leaders. Strategic threat intelligence can help you reset the corporate culture, shifting cybersecurity accountability from its own silo and elevating cyber risk understanding and decision-making to both technical and business leaders. Intelligence analysts and consumers determine intelligence gaps during the dissemination and re-evaluation phase. Let’s take a look at how this approach can apply to businesses developing cyber intelligencecapabilities. Also, your forensic team may want to know what t… With this intel that can be easily understood by all stakeholders, it is easier to make the case for and defend budgetary requests, and it’s easier for the business to understand the impact of a yes/no decision as it relates to the cybersecurity spend. What if you are a part of a victim organization that has just experienced an incident involving the theoretical malicious infrastructure infr1[.]com? are they exploiting a specific vulnerability? Security Professionals Can Use Strategic Threat Intelligence to Help Justify Security Spending Decisions and to Realign Budgets. GET CYBER INTELLIGENCE STRAIGHT TO YOUR INBOX. Copyright © 2020 Wired Business Media. What are the most likely threats? • For the Business Unit Leader - What are your most important cyber assets and what is being done to keep those secure? From a tactical intelligence perspective, your incident responders may be interested in knowing what other indicators of compromise (IOCs) are needed to determine if there is additional activity or compromises within the organization. However, the volume of available sources combined with language constraints often makes it infeasible to collect manually. According to Mona Damian, senior analyst and threat intelligence specialist in S-RM’s cyber team based in New York, collecting information is just the first step in the process. are they working together? For example: • For the Boardroom - Are we well positioned for cyber threats or are we not? However, distilling that data into relevant intel is tough and ultimately that’s where the real value for your organization is created. Are the threats changing over time? Business executives can benefit from strategic threat intelligence by gaining critical insights and establishing meaningful cybersecurity benchmarks to monitor and revisit as part of regular business strategy sessions. Ultimately strategic cyber threat intelligence should be driving your cybersecurity program and approach. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape. Starting with this blog we will explore what is cyber threat intelligence, and examine what it is used for, its value to MS-ISAC members, the difficulties inherent in developing cyber threat intelligence, and the varying components of intelligence, such as Words of Estimative Probability. Podcast | From Information to Action: The Strategic Value of Cyber Threat Intelligence. Rather than being developed in an end-to-end process, the development of intelligence is a circular process, referred to as the intelligence cycle. When thinking about strategic threat intelligence, the first step is to determine what questions (aka requirements) you want to answer. Strategic threat intelligence is where threats are tied to organizational impact in more of a proactive, risk-based view and aligned to the organization's business objectives. See how you stack up to your peers and competitors from a cyber risk and cybersecurity readiness perspective, as well as to show cybersecurity preparedness and due diligence with litigators and regulators. This extra step ensures that, to the extent feasible, the analysts’ mindsets and biases are accounted for and minimized or incorporated as necessary. Home • Resources • Blog • What is Cyber Threat Intelligence? For instance, it can assist decision makers in determining acceptable business risks, developing controls and budgets, in making equipment and staffing decisions (strategic intelligence), provide insights that guide and support incident response and post-incident activities (operational/technical intelligence), and advance the use of indicators by validating, prioritizing, specifying the length of time an indicator is valid (tactical intelligence). In my last article, I walked through a mind map that shows the many facets of cyber threat intelligence and how they all should fit into your overall security strategy and program. I think Forrester makes a good argument here. The way to bridge the gap – so that cyber problems and solutions are relevant and comprehensible to those in the C-suite and boardroom – is to look at cyber threats through a business intelligence lens. This blog is the first of several by the Multi-State Information Sharing and Analysis Center’s (MS-ISAC) Intel & Analysis Working Group (I&AWG) on Cyber Threat Intelligence and intelligence analysis. The briefing is a succinct review of the preceding week’s top cyber threat trends and developments, accompanied by key takeaways for security and leadership teams. Like all intelligence, cyber threat intelligence provides a value-add to cyber threat information, which reduces uncertainty for the consumer, while aiding the consumer in identifying threats and opportunities. In Quarter 2, evaluation of the MS-ISAC information identified an increase trend in defacements, and further analysis identified that the trend was due to an increase in printer server defacements. What Do You Ask Your Cyber Threat Intelligence Analyst? Cyber threat intelligence is what cyber threat information becomes once it has been collected, evaluated in the context of its source and reliability, and analyzed through rigorous and structured tradecraft techniques by those with substantive expertise and access to all-source information. Strategic intelligence assesses disparate bits of information to form integrated views. Driving Security Orchestration with Your Cyber Threat Intelligence Playbook, Crafting Your Cyber Threat Intelligence Driven Playbook, CISO Perspective: People are Critical to Your Threat Intelligence Program, SAP Patches Several Critical Vulnerabilities With November 2020 Security Updates, TikTok Files Last-Minute Petition Against Trump Order, SentinelOne Raises $267 Million at Valuation Exceeding $3 Billion, Vulnerabilities Exploited at Chinese Hacking Contest Patched in Firefox, Chrome, Western Digital Finds Replay Attack Protection Flaw Affecting Multiple Vendors, Czech Intel Report Targets Russian, Chinese Spies, Microsoft Patches Windows Vulnerability Chained in Attacks With Chrome Bug, Adobe Patches Vulnerabilities in Connect, Reader Mobile, PLATYPUS: Hackers Can Obtain Crypto Keys by Monitoring CPU Power Consumption, Big Tech Welcomes Biden Presidency, But Battles Loom.