Knowlesys

Classification and benefits of cyber threat intelligence

1. Classification of cyber threat intelligence:

- Strategic Intelligence: A type of intelligence designed to identify targets. It is created by monitoring the agencies, organizations, individuals and groups that could cause harm. It contains information about the attacker's intent, methods and tactics, their past behavior and possible attacks.

- Operational Intelligence: This type of intelligence includes the attacker's techniques, methods, and procedures. This information is provided to the team providing the SOC (Security Operations Center) services, who then analyze it and use it as a preventive measure against possible attacks.

- Tactical Intelligence: Contains data that identifies potential threat activity on systems and networks. Structurally, this data consists of anomalous and suspicious activity. Examples of where tactical intelligence applies include SIEM, IDP/IPS, DLP, anti-spam, firewall, endpoint protection, etc.



2. Why is cyber threat intelligence needed?

According to a survey conducted by the Ponemon Institute in 2015, 40% of companies have experienced a financially induced security breach in the last 2 years and have determined that 80% of the breaches can be prevented or minimized with cyber threat intelligence.

Only 36% of respondents believe their company's security is strong. Half of the respondents have increased their intelligence data to prevent or mitigate the consequences of an attack.

These companies receive an average of 16,937 alerts per week. Only 19 percent of the alerts were rated as reliable, and only 4 percent of alerts could be investigated. It was determined that they spent $1.27 million per year responding to false alerts. These problems can be minimized through threat intelligence methods.

Threat intelligence is designed to raise awareness of possible threats. It is needed in order to intervene against undesirable internal threats before they occur. In this way, the firewall is maximized and the necessary precautions are taken.

3. Benefits of threat intelligence:

- Data loss prevention

A network threat intelligence system monitors access attempts to malicious IP addresses and domains and detects phishing attacks that may target employees. Collecting and analyzing this information makes it possible to prevent the same scenarios from recurring.

- Detecting data breaches

The earlier a data breach that has occurred or is occurring is detected, the less damage it will cause to the organization. Detecting data breaches and leaks can prevent financial problems and damage to an organization's reputation.

- Incident response

It helps to identify the system whose information will be compromised and the device where the data loss or data breach mentioned above is taking place. As a result, the measures taken to avoid the same breach are better informed.

- Threat analysis

It provides an idea of the necessary defense mechanisms and the measures that can be taken. This analysis is based on previous attacks or attacks detected before they occurred. The aim is to understand the attacker's techniques, methods and procedures and to provide the right solutions for the points that may pose a threat.

- Data analysis

Analyzing the data found helps to obtain additional information about the threats that have been created or may be posed by the attacker.
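The monitoring described under "Data loss prevention" (access attempts to malicious IP addresses and domains) can be sketched as follows. This is an added example, not code from the original page; the indicator values, the four-field log format and the function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed indicator feed (documentation IP ranges and reserved example domains).
BAD_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
BAD_DOMAINS = {"malicious.example", "login-update.example.net"}

# Constructed egress log: timestamp, internal host, destination, action.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z ws-014 portal.example.org allow
2024-01-10T09:00:07Z ws-014 cdn.malicious.example allow
2024-01-10T09:01:12Z ws-022 203.0.113.45 deny
2024-01-10T09:02:30Z ws-022 notmalicious.example allow
2024-01-10T09:03:02Z ws-031 LOGIN-UPDATE.example.net. allow
2024-01-10T09:03:40Z ws-031 192.0.2.10 allow
malformed line
"""

def match_indicator(dest):
    """Return the indicator that a destination matches, or None."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None  # not an IP literal, treat as a hostname
    if addr is not None:
        return next((str(n) for n in BAD_NETWORKS if addr in n), None)
    # Normalise case and the trailing root dot, then compare the name and each
    # parent domain on label boundaries so "notmalicious.example" does not match.
    labels = dest.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in BAD_DOMAINS:
            return ".".join(labels[i:])
    return None

def find_hits(log_text):
    """Group indicator matches by the internal host that made the request."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip malformed lines instead of failing
            continue
        ts, host, dest, action = fields
        indicator = match_indicator(dest)
        if indicator:
            hits[host].append((ts, dest, indicator, action))
    return dict(hits)

if __name__ == "__main__":
    for host, events in sorted(find_hits(SAMPLE_LOG).items()):
        print(host, events)
```

Grouping by internal host gives the incident response step a starting point: matches with action `allow` indicate traffic that actually left the network, while `deny` matches show attempts that were blocked.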


