Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace. Cyber threat intelligence sources include open-source intelligence, social media intelligence, human intelligence, technical intelligence, or intelligence from the deep and dark web.
Cyber threat intelligence provides a number of benefits, including:
- Empowers organizations to develop a proactive cybersecurity posture and to bolster overall risk management policies.
- Drives momentum toward a cybersecurity posture that is predictive, not just reactive.
- Enables improved detection of threats.
- Informs better decision-making during and following the detection of a cyber intrusion.
Cyber threat data or information with the following key elements is considered cyber threat intelligence:
- Evidence-based: cyber threat evidence may be obtained from malware analysis to be sure the threat is valid.
- Utility: there needs to be some utility for the organization, to have a positive impact on security incidents.
- Actionable: the gained cyber threat intelligence should drive security control action, not only data or information.
USING ELECTRONIC DEVICES AND THEIR NETWORKS TO FIND INFORMATION.
OPEN SOURCE DIGITAL NETWORK INTELLIGENCE (OS-DNI)
- Social Media
- “Google Hacking”
- Image EXIF Data
CONTINUOUS MONITORING
- Security Background
- Asset Tracking and Monitoring
- Target Tracking and Monitoring
ELECTRONIC INTELLIGENCE (ELINT)
- Cell-phone monitoring
- Radio/CB/walkie-talkie monitoring
- Other RF communications
HUMINT
- Spear-phishing
- Social Engineering
- Interrogations (subtle info extracting, not snatch and grab)