Threat Intelligence (TI) is information about current attack tactics and techniques (T&T) used by hackers to breach companies, their networks, and their data. Threat Intelligence collects, compares, and summarizes T&T to help you prevent or mitigate cyberattacks against your company.
Two thousand years ago, a highly decorated and successful Chinese military strategist, Sun Tzu, wrote a treatise on the “Art of War”. One of the tenets of his book was this: “to be successful in war, you must know what your enemy is up to”. This is what Threat Intelligence represents. TI details what hackers and attackers are up to, so you can better prepare your defenses.
Cyber attacks are growing in frequency and complexity. Businesses of all shapes and sizes need to leverage threat intelligence to get a leg up on their adversaries.
Threat intelligence solutions gather raw data on emerging or existing threat actors from a number of sources. This data is analyzed and filtered to create threat feeds and management reports that contain information that can be used by automated security control solutions. The primary purpose of this type of security is to keep organizations informed of advanced persistent threats, zero-day vulnerabilities, and how to protect against them.
Threat Intelligence data comes from many sources, including Threat Hunting, forensic investigations, vendor advisories, and security strategists. Threat Intelligence is often freely published by organizations such as MITRE and the Internet Storm Center. SMBs should subscribe to a Threat Intelligence feed or a blog on cybersecurity to be made aware of emerging threats.
However, knowing your enemy is not enough. A closer examination of Sun Tzu’s treatise finds this quote:
"If you know the enemy and know yourself, you need not fear the results of a hundred battles."
This is why CyberHoot always recommends you perform a risk assessment of your own environment to determine gaps or weaknesses in your own cybersecurity program. Once you’ve determined your gaps, you can plan how to spend your finite time and money addressing them. Within your own risk assessment, make sure you examine whether you’re following these best practices:
10 STEPS EVERY SMB SHOULD TAKE TO PROTECT THEMSELVES FROM CYBER ATTACKS: