Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace Cyber threat intelligence sources include open-source intelligence, social media intelligence, human intelligence, technical intelligence, or intelligence from the deep and dark web.
Cyber threat intelligence provides a number of benefits, including:
- Empowers organizations to develop a proactive cybersecurity posture and to bolster overall risk management policies.
- Drives momentum toward a cybersecurity posture that is predictive, not just reactive.
- Enables improved detection of threats.
- Informs better decision-making during and following the detection of a cyber intrusion.
Cyber threat data or information with the following key elements are considered as cyber threat intelligence:
- Evidence-based: cyber threat evidence may be obtained from malware analysis to be sure the threat is valid.
- Utility: there needs to have some utility for the organization to have a positive impact on security incidents.
- Actionable: the gained cyber threat intelligence should drive security control action, not only data or information.
USING ELECTRONIC DEVICES AND THEIR NETWORKS TO FIND INFORMATION.
OPEN SOURCE DIGITAL NETWORK INTELLIGENCE (OS-DNI)
- Social Media
- “Google Hacking”
- Image EXIF Data
CONTINUOUS MONITORING
- Security Background
- Asset Tracking and Monitoring
- Target Tracking and Monitoring
ELECTRONIC INTELLIGENCE (ELINT)
- Cell-phone monitoring
- Radio/CB/walkie-talkie monitoring
- Other RF communications
HUMINT
- Spear-phishing
- Social Engineering
- Interrogations (subtle info extracting, not snatch and grab)