Skip to main content

What and why Cyber Threat Intelligence




What and why Cyber Threat Intelligence.

When we say intelligence, we are dealing with information while cyber threat is the possibility of a malicious attempt to damage or disrupt a computer network or system.

With the above definitions, we can say that in cyber threat intelligence is about gathering of information that could possibly harm computer network or system.

Similarly to Human Intelligence (HUMINT) and Open Source Intelligence (OSINT), a good source of information often comes from the community and just about 10 to 20% of it is from internal or from the agent himself.  Although reliability of this information vary from source to source, it is still beneficial to include this information for processing and analysis.

So, why the need for CTI?

Know what’s coming and prepare for it. The capability to identify threats that may come to your organization is important for an efficient decision for enhanced security and threat response.  Relevant and timely threat intelligence can help organization stays updated one step ahead of the threat as these threats are constantly evolving because of cyber criminal’s motivation that drives them to develop sophisticated attacks for their gains and cause. 

 Everyone is at risk on cyber attacks no matter the size of your organization is, but with a well CTI, it helps your security team to monitor and detect  malicious activity on your network and be updated to the latest threats. CTI is not the only one and all solution but perhaps it can serve as the basis for making good decision to provide a quality cyber security.

The lack of utilization of intelligence can lead to a future crisis. Now that you have an idea of what is cyber threat intelligence and an overview of how it can help your organization, what will be your excuse for not implementing it. Cyber threat intelligence is the future of cyber security, and that future has already started in the past and keeps moving forward, don’t get left behind, catch up. Now!








For more info and references:
https://ics-cert.us-cert.gov/content/cyber-threat-source-descriptions
https://www.helpnetsecurity.com/2015/05/19/the-importance-of-good-threat-intelligence/
https://www.upwork.com/hiring/for-clients/what-is-cyber-threat-intelligence/


Comments

Post a Comment

Popular posts from this blog

Install Snort IDS in Windows

Install Snort IDS in Windows In this article, we are going to install Snort on windows, perform basic configuration then add snort rules. Snort can also be configured as an intrusion prevention system, but in our case, we will just configure snort as an IDS. Carry out the following steps Download and install Snort and Winpcap Download snort rules Configure snort.conf file Run snort that displays alert on console Run snort that saves alert to a file ============================================================= Step 1: Note: Install snort and winpcap as an administrator. Download winpcap https://www.winpcap.org/ and install it as an administrator, just let it install with default settings. Restart your computer. Download snort installer exe at https://www.snort.org/downloads and install it as an administrator, just choose defaults configuration where you only have to click “I Agree”, “Next” , “Next” , “Next”, “Close” and “Ok”. ==============...
Post a Comment
Read more

Mapping the cyber security world with GIS

Using GIS software to develop a cyber map for analysis of cyber attacks globally helps IT security understand cyber world and to identify vulnerabilities in cyber networks which allow security teams to prioritize their work and solve areas with the potential to do the most damage first. Below are some cyber map images develop with GIS software. The accuracy of the data is not guaranteed and mostly referenced to the work of Cyber Security Insides on the following link. https://www.cybersecurity-insiders.com/list-of-countries-which-are-most-vulnerable-to-cyber-attacks/  http://gis.usc.edu/blog/gis-and-cybersecurity/
1 comment
Read more

Using Kivred to fetch threat intelligence and find snort rules

Using Kivred to fetch threat intelligence and find snort rules to use it with snort Before diving into the procedure, let me give you some terminologies. TAXII - Trusted Automated eXchange of Indicator Information. A free and open transport mechanism that standardizes the automated exchange of cyber threat information. STIX - Structured Threat Information Expression. A language for describing cyber threat information in a standardized and structured manner to enable the exchange of cyber threat intelligence (CTI). http://hailataxii.com/ - Hail a TAXII.com is a repository of Open Source Cyber Threat Intellegence feeds in STIX format. Kivred – A simple taxi client to fetch data from taxi service provider such as hailataxii. Indicator – contains a pattern that can be used to detect suspicious or malicious cyber activity. Observed Data – conveys information observed on a system or network (e.g., an IP address). TTPs - Tactics, Technique...
Post a Comment
Read more