Cyber threat intelligence helps solve everyday issues with security policy and strategy, even down to the defense layer. This is done by answering the following questions:
◉ Who are our adversaries?
◉ What are the adversaries using?
◉ Where are the adversaries targeting?
◉ When are the adversaries going to attack?
◉ Why are the adversaries attacking?
◉ How does the adversary operate?
Once a report has been created from the above questions, the organization can make changes to its policy to help mitigate and prioritize certain threats and modify any controls to align with the new security strategy. A cyber threat analysis that goes into more depth than just adding anti-virus software or a shiny new firewall adds a great deal of value to the company and its employees and customers.
Cyber Threat Intelligence Life Cycle
1. Planning and Direction
This is where the 5 Ws and How from above come into play. An organization might even want to see if other companies in the same industry are experiencing the same attacks.
2. Collection and Processing
This step builds on the first step. Because the collected information will shape how an organization builds its cybersecurity structure, it needs to come from reliable and trustworthy sources. A very good place to start is data from within the organization, such as network logs and scans. Another good source is reputable security research companies.
3. Analysis
During this step, the threat intelligence analyst tries to find any holes where an attacker can get in or has already gotten inside. If an attacker has already breached the network, a SOC analyst will get called in to investigate. The organization can choose to share this information with the cyber community, so other organizations don’t fall victim to this attack.
4. Production
Here the threat intelligence analyst creates a formal report, which may include recommended changes for the organization to make, whether in policy or at the defense layer, to help mitigate the risk of an attack.
5. Dissemination and Feedback
This is where the cyber intelligence analyst communicates their report and recommendations to senior leadership.
What does a Cyber Threat Intelligence Analyst Do?
Source: eccouncil.org