Decoding the different types of threat intelligence

A quick lesson in semantics on the term ‘stay ahead’ would suggest one of the major keys to a successful cybersecurity program is to be proactive, as compared to reacting only when a cyber-incident occurs.

By Yeo Siang Tiong
General Manager for Southeast Asia, Kaspersky

As a cybersecurity professional, your work is never done. In fact, I have read a University of Maryland study which quantified the rate of hacker attacks on computers connected to the internet – once every 39 seconds on average. As digitalization accelerates on a global scale, cybercriminals are constantly coming up with new ways to exploit weaknesses in our IT infrastructure. In this context of unpredictability, can it ever be possible for an organization to stay ahead of the cybersecurity curve?

A quick lesson in semantics on the term ‘stay ahead’ would suggest one of the major keys to a successful cybersecurity program is to be proactive, as compared to reacting only when a cyber-incident occurs. To do this, having access to good threat intelligence is essential for any organization looking to outsmart the cybercriminals. 

Why is threat intelligence important? 

Threat intelligence is a key component of any cybersecurity ecosystem. Gartner has defined threat intelligence as evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets.

For those who are self-confessed data junkies, let us lay down some ground rules on threat intelligence before you get too carried away with the prospect of having unfettered access to facts, figures and statistics through your threat intelligence program. Firstly, threat data is a value collected simply by observation; on its own, without context, it means nothing. Threat intelligence, on the other hand, is the result of analyzing that data and translating it into actionable insights that enable you to deploy solutions specific to the problem found, while strengthening a business’ cybersecurity posture at the same time.

Today, the threat landscape is evolving at a rapid pace, with the constant flow of data transmitted over the information highway. The shortage of skilled cybersecurity professionals in the field of threat and vulnerability assessment is also nothing new. What this means for organizations is that, in this age of shrinking IT budgets, there is an urgent need to be equipped with the right tools to decide what information is relevant and to prioritize whom it is relevant to.

Types of threat intelligence 

While many managed service providers may claim to offer threat intelligence solutions, this can mean any number of things. First, let’s zero in on the four main types of threat intelligence – strategic, tactical, technical and operational – and while there might be some overlap between them, having a good understanding of their functions will allow an organization to disseminate information to the right people.

Strategic threat intelligence

This type usually consists of high-level analysis of general and broad trends over time, showing how cybersecurity threats can impact a business. It is written for a non-technical audience, usually the decision makers within an organization. It differs from other kinds of threat intelligence in that it usually comes from open sources such as white papers and reports.

Tactical threat intelligence 

Tactical threat intelligence refers to information on tactics, techniques and procedures (TTPs) of threat actors. Such technical information tends to focus on the present, as the people responsible for the security of their organization’s IT infrastructure need to understand how they might be attacked in order to come up with strategies to counter those attacks.

Technical threat intelligence

Technical threat intelligence focuses heavily on indicators of compromise (IOCs) such as suspicious URLs or malware hashes.

Operational threat intelligence

Operational threat intelligence seeks to answer the questions of who, what, and how associated with a cyberattack. 

There is some overlap with technical threat intelligence, since operational threat intelligence does contain some technical information, such as the attack vector or the kind of command and control domain being used. However, operational threat intelligence can also be acquired by infiltrating the communication channels of threat actors, which yields specialized insights into the capabilities of cybercriminals.

Building your foundation in real-time threat intelligence

Getting started with threat intelligence can be overwhelming, even for a seasoned IT professional. With so many threat intelligence service providers offering automated and aggregated solutions today, which would best suit your organization’s needs?

Today, most managed security service providers are able to automate the process of delivering real-time aggregated data to you. As a starting point for any business looking to establish a good cyberthreat intelligence (CTI) programme, this is an absolute must. However, the act of receiving threat data is insufficient on its own. The ability to provide original insights based on real-time data that can be translated into action is imperative for your organization to be able to bolster its cybersecurity posture.

At Kaspersky, we offer organic threat intelligence content because of a combination of our Kaspersky Security Network’s global database, machine learning, and our own human powerhouse, our Global Research & Analysis Team (GReAT).

As an example, Kaspersky’s Threat Data Feeds are enriched with insights from our elite, internal researchers, GReAT. These 40+ cybersecurity experts stationed across the world possess expertise on threat actors, incorporating elements of tactical, technical and operational threat intelligence to provide actionable context such as threat names, timestamps, and resolved IP addresses of infected web resources. Together, they can be used to answer the who, what and how questions which lead to identifying your adversaries, enabling you to make timely decisions specific to your organization.

When it comes to making a case to your C-suite for more IT funding, having access to the latest cybersecurity trends enables your organization to make more informed strategic decisions. Our APT Intelligence Reporting can help you understand some of the cutting-edge threats in a comprehensive and practical manner, as well as offer you insights into non-public APTs.

While these examples are just some of the solutions we offer, they are good starting points for anyone looking to build a cyberthreat intelligence programme. As cyberthreats continue to evolve, so too will the functions of threat intelligence. The holy grail for any organization is to integrate strategic, tactical, operational and technical intelligence in a manner that will enable you to build a more secure environment to deal with your adversaries.
