There are many definitions for threat intelligence, some of which we’ve even covered in separate blog posts, but at its core, threat intelligence must be actionable, timely and relevant to the end consumer. By definition, digital threat intelligence is threat intelligence specifically related to the digital threat landscape – that is, the surface, deep and dark web, social media platforms, mobile app stores and other publicly available platforms that have real business use and cyber risk. Particularly in today’s remote and digital-first world, digital threat intelligence provides the context and correlation to understand the risks facing businesses across the public attack surface at scale.
What makes threat intelligence different from data is its actionability. While data feeds alone are often timely, they are predicated on volume and therefore rarely actionable. Summary reports are another source of information for security teams, but they are primarily focused on demonstrating derivatives from other types of investigations and, as such, are rarely timely. By investing in digital threat intelligence, organizations have access to contextualized, actionable intel for better situational awareness and smarter decisions.
Digital Threat Intelligence 101
Digital transformation refocused the threat intelligence discussion among security experts, analysts and marketers who have traditionally focused on outputs such as feeds of IOCs and other network-centric data. Digital threat intelligence at its core is first and foremost about protecting digital assets and data. These assets provide the context and relevancy necessary for strong intelligence. Whether they are domains, websites, accounts or intellectual property hosted online, these assets serve as the lens through which collection and analysis take place. That collection and analysis then provides early warning of potential threats, reducing the overall risk to businesses.
Why Digital Threat Intelligence
According to Forrester’s blog, “Understanding The Evolving DRP Market,” April 2019, 64% of organizations rate improving advanced threat intelligence capabilities as a high or critical priority. However, despite correctly identifying the need to fill an intelligence gap, many organizations run into challenges when planning or deploying their initiatives.
For starters, many CISOs are simply not prepared to work with the raw, unstructured threat data they may be receiving in their threat feeds. As a result, many teams find themselves spending excessive amounts of time and resources monitoring multiple threat feeds and analyzing only partially relevant data, without the context and automation needed to quickly take action when necessary.
The latest Forrester Wave™: External Threat Intelligence Services, Q1 2021 notes that, “As the number and sophistication of cyberthreats increase and IT environments become more complex, S&R pros seek out threat intelligence providers that have just the right visibility into threats most relevant to their organization and industry.” More security teams are seeking solutions that not only provide situational awareness of the global threat landscape, but also provide actionability on the specific threats to their organization. This is the value of digital threat intelligence.
Digital Risk Protection vs Cyber Threat Intelligence: What’s The Difference?
The ideal solution for security teams of all sizes today is one that focuses on protection and intelligence. The categories of Digital Risk Protection and Cyber Threat Intelligence do not exist in silos and should be considered as pieces within a broader security program. Digital Risk Protection focuses on protecting key digital assets and data on digital platforms. Those protections help inform and contextualize the information that feeds into a strong CTI program. High-quality protection and intelligence services are singularly designed to make organizations smarter and more capable of meeting their ultimate mission of protecting the organization. The end result of the intelligence cycle is a flexible set of deliverables that can be exploited on multiple business levels, from the Security Operations Center (SOC) to the Boardroom.
Use Cases for Digital Threat Intelligence
Regardless of the consumer, most would agree that the core value of digital threat intelligence is to make you more knowledgeable and lead to better outcomes. As mentioned above, threat intelligence must be relevant, actionable and timely. There are specific use cases that fall into each of these three categories.
- Relevance: The data derived from a digital threat intelligence solution must apply to your business’ main mission. Irrelevant data leads to the danger of false signals and inaccurate thought processes. Threat intelligence should be used to inform you of the specific threats to your organization, not to the business down the street. While global intelligence is valuable to understand the entire threat landscape, relevancy is critical. Having access to a wide net of unique sources, such as dark web nets, and unique methods to collect data is critical to a tactical threat intelligence program. The true value of a strong tactical intelligence program is integrations, enabling analysts to view all relevant threat data within a single pane of glass.
- Actionability: You need to be able to do or not do something with the data set you receive from your digital threat intelligence solution. Taking action increases the monetary value of your business by reducing costs, reducing risks, or enabling action.
- Timely: Threat intelligence is consumed by, and can facilitate the daily activities of, many different people within an organization, so it must be timely. This ranges from the tactical to the operational to the strategic functions of threat intelligence. Timely intelligence includes immediate alerts of potential threats, quick remediation actions and access to continuously updated data.
How To Find The Right Solution For Your Business
While digital threat intelligence is by broad definition information that is actionable, timely and relevant, there are specific types of threat intelligence services designed to meet various needs within the business. Threat intelligence services can be tailored based on the frequency or volume of threats or based on what your organization is looking to protect, such as brand intelligence or dark web intelligence. ZeroFox offers unique digital threat intelligence solutions including:
- Brand Intelligence: The Forrester Wave™: External Threat Intelligence Services, Q1 2021 notes that “regardless of enterprise size, every organization has a brand and customers to protect.” With that in mind, brand intelligence is a top priority for organizations starting out with threat intelligence or with a sophisticated CTI program. Brand intelligence focuses on identifying and disrupting threats to your enterprise’s digital assets, such as your domains, websites, social accounts, intellectual property and data. The main use cases for brand intelligence include remediation of impersonations, spoofed domains, account takeover attempts and leaked data that could put your brand reputation and customers at risk.
- Strategic Intelligence Advisory: A robust threat intelligence solution includes both global and tailored intelligence. Strategic Intelligence advisories offer analyst-curated reports and finished advisories spanning the cyber threat landscape. Finished intelligence is the cornerstone of any proactive cybersecurity program and a fundamental part of the intelligence cycle. Comprehensively protecting and preparing your organization from increasingly complex and demanding external threats requires deep knowledge and understanding of the most relevant threats to your organization.
- Managed Threat Intelligence: Security threats are constantly changing, making it nearly impossible for security teams to cost-effectively stay abreast of relevant threats. Reducing the volumes of threat data into actionable insights to provide a holistic understanding of the risks posed to your business is a real challenge. Managed threat intelligence services combine structured threat intelligence feeds, indicators of compromise (IOCs), and targeted automated and human collection across the surface, social, deep and dark web. With unrivaled machine and human analysis, ZeroFox provides only the most relevant and actionable intelligence to your security leadership and teams.
- On-Demand Investigations: Threats to physical and digital assets are escalating in scale and sophistication. Most organizations don’t have the tools, personnel, or time to keep up, but your organization’s success still rests on your ability to accurately assess and respond. ZeroFox’s On-Demand Investigation provides highly-skilled intelligence analysts who deliver deep-dive reports, technical cybersecurity analysis, threat assessments, research projects, and as-requested analytic projects tailored to your organization.
Whether you’re just standing up a threat intelligence program or already have a mature team of threat analysts, the addition of digital threat intelligence is incredibly valuable to provide actionable, timely and relevant information to your business.