Cyber threat intelligence is a growing buzzword in the cyber security industry, and the growing market for it creates opportunities for research. Threat intelligence data is valuable to an organization for identifying, detecting, protecting against, and responding to threats. Threat intelligence is knowledge that allows an organization to prevent and mitigate cyber attacks. It provides the context needed to make informed decisions about cybersecurity. Threat intelligence can be broken down into a few categories based on the following criteria.
Strategic intelligence
This intelligence is meant for a non-technical audience. Strategic intelligence mainly gives board members a broader view of the organization's threat landscape. It supports high-level decisions by executives and other decision makers in an organization. Strategic intelligence offers insight into the risk associated with a certain line of action and into the broader patterns that threat actors are tending toward. Sources for strategic threat intelligence include policy documents from government or private organizations, news from local or national media, and research papers from subject matter experts.
Tactical Intelligence
Tactics, techniques, and procedures (TTPs) help an organization's defenders understand the threats that are currently active, which in turn helps to mitigate upcoming attacks. This intelligence is mostly useful for people who are directly involved in the organization's defense unit. Reports from security vendors are often the easiest way to get the latest updates on tactical threat intelligence.
Operational Intelligence
Operational intelligence mostly consists of technical information such as attack vectors, vulnerabilities, and command and control details; this kind of information is also referred to as technical threat intelligence. Operational intelligence is knowledge gained by examining the tactical intelligence known about an attack. It is data analytics focused on enabling quick business decisions based on real-time data. To use this method there should be automated data gathering using artificial intelligence and machine learning, as well as data warehousing techniques, for faster and more efficient scrubbing of data.
Different Types of Threat Intelligence
The use of intelligence is not new. Cyber threat intelligence, however, can be collected from multiple different sources.
Signals Intelligence (SIGINT)
Collecting intelligence by intercepting signals. This covers communication between people (COMINT), electronic signals not directly used in communication, i.e. electronic intelligence (ELINT), and foreign instrumentation signals intelligence (FISINT), which is intelligence from the interception of foreign electromagnetic emissions.
Geospatial Intelligence (GEOINT)
Collecting data from GPS and maps is called geospatial intelligence. The information provided by GEOINT is highly contextual. Three areas still form the foundation of GEOINT: imagery, imagery intelligence, and geospatial information.
Human Intelligence (HUMINT)
This is the most common technique for gathering intelligence: communicating directly or indirectly with people. It can also be done by spying on people, typically by a government seeking to obtain military or political information through observation.
Technical Intelligence (TECHINT)
Collecting information using advanced technology, then processing, analyzing, and exploiting the data or information. TECHINT enables us to update our protection measures; it involves applying advanced technology to deal with sources that use highly sophisticated techniques.
Market Intelligence (MARKINT)
Collecting intelligence to understand market conditions and competitors. MARKINT is the collection of data from external sources for a specific purpose: accurate decision making to determine strategy.
Open-Source Intelligence (OSINT)
Collecting information from publicly available sources. The collected data can be social media, news, public reports, or articles, as long as it is public and legal to obtain. OSINT is primarily used by law enforcement agencies and in national security. OSINT techniques have been in use for years; as communication capabilities grew, the high volume of data and the ability to correlate and transform it made OSINT more valuable, especially in the infosec community.
Financial Intelligence (FININT)
Collecting information about the financial affairs and capabilities of an attacker. One of the main purposes of gathering FININT is to identify financial transactions involved in tax evasion or money laundering. FININT is classified into two activities: collection and analysis. Collection is normally done by a government agency known as a Financial Intelligence Unit (FIU). Analysis may consist of scrutinizing a large volume of transaction data using data mining or data matching techniques.
Cyber Intelligence (CYBINT)
Collecting data from the other intelligence disciplines and correlating MARKINT, TECHINT, FININT, GEOINT, OSINT, and HUMINT. Cyber threat intelligence gives you details about a threat, including where it originated, who coded it, how it is delivered, and its damage impact. In addition, the information includes specifics of the malware, tools, and tactics used, details about the specific type of attack, and the potential risk.