One area of incident response that has had a significant impact on an organization's ability to respond to cyberattacks is the use of cyber threat intelligence or, simply, threat intelligence. The term cyber threat intelligence covers a wide range of information, data points, and techniques that allow analysts to identify attack types in their network, adequately respond to them, and prepare for future attacks. To be able to properly leverage this capability, information security analysts should have a solid foundation of the various terminologies, methodologies, and tools that can be utilized in conjunction with threat intelligence. If analysts are able to utilize this data, they will be in a better position to take proactive security measures and, in the event of a security incident, be more efficient in their response.
In this chapter's discussion of cyber threat intelligence, the following key topics will be discussed:
- Understanding threat intelligence: Cyber threat intelligence is an amalgamation of existing and emerging disciplines in intelligence. The overview provides a level set of the various topics that are part of cyber threat intelligence.
- Threat intelligence methodology: Cyber threat intelligence generation and integration is a process-driven endeavor. This section provides an overview of the cyber threat intelligence methodology.
- Threat intelligence sources: There are several sources where responders can gain access to cyber threat intelligence. This portion examines some of the key sources available.
- Threat intelligence platforms: Threat intelligence provides an extensive amount of data to responders. An examination of a threat intelligence platform will provide responders with an option to deal with this potential data overload.
- Using threat intelligence: Cyber threat intelligence is meant to be used either proactively or reactively. This section provides some key tools and techniques to do just that.
In many ways, this chapter merely scratches the surface of the tools, techniques, and methodologies of cyber threat intelligence. It is hoped that this overview provides a starting point for responders to integrate threat intelligence into their operations.