What is Cyber Threat Intelligence?
Cyber Threat Intelligence (CTI) is the process of collecting and analyzing data to identify cyber threat actors and understand their targets, capabilities, motives, and TTPs (tactics, techniques, and procedures), allowing enterprises to prevent or mitigate cyber threats.
Data for cyber threat intelligence is obtained from a variety of sources, including social media, the surface, deep, and dark web, public or private threat intelligence feeds, device log files, and more. Raw cyber threat data may be processed and analyzed by a combination of human threat intelligence experts and artificial intelligence, transforming it into actionable cyber threat intelligence that’s ready for use by enterprise security teams.
9 Types of Cyber Threat Intelligence
Enterprise security teams can develop their own cyber threat intelligence, harvest it from open-source threat intelligence feeds, or receive curated intelligence reports from a third-party threat intelligence service.
A comprehensive approach to CTI should capture and analyze data from diverse sources, delivering versatile threat intelligence that keeps security teams apprised of the full breadth of cyber threats facing their organizations. SecOps teams can leverage many different types of intelligence to inform their security practices, including:
- Dark Web Threat Intelligence – Cyber threat intelligence from the deep and dark web helps enterprises identify threat actors, exposed credentials, and stolen data before it can be sold or utilized in a cyber attack.
- Brand Intelligence – Enterprises can monitor the public attack surface for brand impersonations and unauthorized use of brand assets that could be used in a cyber attack.
- Fraud Intelligence – Cyber threat intelligence helps enterprises detect, identify, and understand the tactics and behaviors of digital fraudsters who use social engineering techniques to steal credentials, data, or cash from targeted organizations.
- Internet Infrastructure Intelligence – This type of cyber threat intelligence helps security teams identify domains, hosts, and VPS infrastructure used in cyber attacks, and effectively distinguish between legitimate and suspicious providers of Internet infrastructure.
- Malware and Ransomware Intelligence – Cyber threat intelligence that keeps security teams informed about the latest malware and ransomware threat groups, emerging malware threats, and TTPs used to infiltrate and attack targeted organizations.
- Vulnerability Intelligence – Cyber threat intelligence that deals with software vulnerabilities, bugs, and exploits that may be used by digital threat actors to infiltrate target organizations.
- Third-Party Intelligence – Third-party intelligence is cyber threat intelligence that provides visibility and insight into cyber threats that could impact an organization’s vendors and partner companies across the supply chain.
- Geopolitical Intelligence – Geopolitical events that range from extreme weather (e.g. hurricanes or wildfires) to elections, war, and civil unrest all have the potential to impact enterprise operations. Geopolitical intelligence keeps organizations informed of unfolding geopolitical developments so they can make strategic decisions to safeguard assets and personnel while sustaining operations.
- Strategic Intelligence – Strategic intelligence takes input from a variety of open information sources, including geopolitical, social, health, and economic indicators that can help enterprise leaders engage in effective long-term decision-making.
5 Use Cases for Cyber Threat Intelligence
Fraud Prevention
Fraud takes place whenever a cyber adversary engages in an act of deception for either financial or personal gain. Under this definition, many different types of cyber crime could be considered fraud, including executive impersonation attacks, domain and email spoofing, impersonations, and social engineering attacks.
Cyber threat intelligence can help organizations prevent fraud by identifying potential threat actors, understanding their motivations and TTPs, and disrupting fraudulent internet infrastructure that could be used to defraud the enterprise or its employees and customers.
Brand Abuse Prevention
Brand abuse comes in a variety of forms, including brandjacking, logo fraud, counterfeiting, and impersonation attacks. Each of these exploits a brand’s reputation and trustworthy status in the marketplace to defraud its customers or members of the public.
Security teams using modern threat intelligence technology can monitor the public attack surface for unauthorized usage of brands, logos, and executive identities. Once detected, security teams can take steps to dismantle the fraudulent infrastructure, disrupting the activity of cyber criminals and discouraging future attacks against the brand.
Vulnerability Management
Vulnerabilities are coding errors in software applications that can allow cyber adversaries to gain unauthorized access to private networks or data. As enterprises grow more software-dependent and IT environments grow in complexity, the potential for software vulnerabilities to result in a security incident increases.
To prevent this, enterprise SecOps teams must remain apprised of new and emerging software vulnerabilities that impact enterprise applications. An effective cyber threat intelligence program delivers timely and actionable information on emerging vulnerabilities, enabling SecOps teams to proactively safeguard their networks.
Incident Response
When enterprise SecOps teams are investigating a security incident, cyber threat intelligence can provide threat data that correlates known Indicators of Compromise (IoCs) with unknowns, such as the attacker’s identity, capabilities, motivations, or specific TTPs.
These details provide valuable context that helps incident response teams recognize the scope of the incident, determine whether a cyber attack is still in progress, contain or disrupt the attack, understand how the attack was executed, and remediate damage to internal systems.
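The IoC correlation described above, as an added example that is not part of the original page or ZeroFox's product: a constructed threat feed (reserved TEST-NET addresses, a .example domain, and a made-up hash, each tagged with a suspected actor and an ATT&CK technique) is matched against constructed proxy, DNS and EDR log lines, and every hit is enriched with the feed's actor and TTP context so responders can start scoping the incident.

```python
import re

# Constructed threat-intelligence feed for illustration (TEST-NET addresses, a reserved
# .example domain, a made-up hash); each IoC carries the suspected actor and TTP.
THREAT_FEED = {
    "198.51.100.23": {"actor": "EXAMPLE-GROUP-1", "ttp": "T1071.001 Web Protocols"},
    "malicious-update.example": {"actor": "EXAMPLE-GROUP-1", "ttp": "T1566.002 Spearphishing Link"},
    "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b":
        {"actor": "EXAMPLE-GROUP-2", "ttp": "T1204.002 Malicious File"},
}

# Constructed proxy, DNS and EDR log lines; the last one is benign.
SAMPLE_LOGS = [
    "2024-05-01T10:01:22Z proxy src=10.0.0.5 dst=198.51.100.23 url=/beacon status=200",
    "2024-05-01T10:02:03Z dns client=10.0.0.7 query=malicious-update.example type=A",
    "2024-05-01T10:02:40Z edr host=ws-17 sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b action=created",
    "2024-05-01T10:03:11Z proxy src=10.0.0.9 dst=203.0.113.8 url=/index.html status=200",
]

# Candidate-indicator patterns; lines are lower-cased before matching.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
}

def extract_indicators(line):
    """Return (type, value) pairs for every IP, SHA-256 or domain-like token in a log line."""
    line = line.lower()
    return [(kind, value) for kind, pat in IOC_PATTERNS.items() for value in pat.findall(line)]

def correlate(logs, feed):
    """Match indicators observed in logs against the feed and attach actor/TTP context."""
    hits = []
    for line in logs:
        for kind, value in extract_indicators(line):
            context = feed.get(value)
            if context:  # known IoC: enrich the observation with what the feed says about it
                hits.append({"indicator": value, "type": kind, "log": line, **context})
    return hits

def actors_seen(hits):
    """Distinct suspected actors across all hits, a first cut at the incident's scope."""
    return sorted({h["actor"] for h in hits})

if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOGS, THREAT_FEED):
        print(f"{hit['type']:6} {hit['indicator'][:24]:24} -> {hit['actor']} / {hit['ttp']}")
```

Benign traffic (the fourth line) produces no hit, and the three matches collapse to two suspected actors, which is the kind of context the text says responders use to judge scope.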
Strategic Decision-Making
Cyber threat intelligence provides an evidence-based understanding of the motivations and TTPs of real cyber adversaries.
This enables enterprise security leaders to better understand the digital risks faced by the organization and make strategic, threat-informed decisions to strengthen security controls or optimize detection and prevention capabilities.
Identify Threats to Your Brand and Business with ZeroFox Global Threat Intelligence
ZeroFox provides digital protection, cyber threat intelligence, and adversary disruption to dismantle external threats to brands, people, assets, and data across the public attack surface, in one comprehensive platform.
ZeroFox’s cyber threat intelligence service leverages a global team of 150+ expert threat analysts, delivering actionable threat intelligence to help you keep up with security demands.
Want to learn more?
Watch our free webinar, "ATT&CK or Be Attacked: Using Threat Intelligence to Disrupt Targeted Threats to Your Brand’s Perimeter", to see how cyber threat intelligence is helping enterprise SecOps teams safeguard their brands, people, and assets against digital risks.