Cyber threat intelligence

Cyber threat intelligence (CTI) is a subfield of cybersecurity that focuses on the structured collection, analysis, and dissemination of data regarding potential or existing cyber threats.[1][2] It provides organizations with the insights necessary to anticipate, prevent, and respond to cyberattacks by understanding the behavior of threat actors, their tactics, and the vulnerabilities they exploit.[3][4][5] Cyber threat intelligence sources include open source intelligence, social media intelligence, human intelligence, technical intelligence, device log files, forensically acquired data, intelligence from internet traffic, and data derived from the deep and dark web.

In recent years, threat intelligence has become a crucial part of companies' cybersecurity strategy, since it allows companies to be more proactive in their approach and to determine which threats represent the greatest risks to the business. This proactive stance means actively trying to find their own vulnerabilities and preventing hacks before they happen.[6] The approach is gaining importance because, as IBM estimates, the most common way companies are hacked is via threat exploitation (47% of all attacks).[7]

Vulnerabilities have also risen in recent years due to the COVID-19 pandemic and more people working from home, which makes companies' data more vulnerable. With threats growing on one hand and threat intelligence demanding growing sophistication on the other, many companies have opted in recent years to outsource their threat intelligence activities to a managed security service provider (MSSP).[8]

  1. Conti, M (2021). "Measuring and Visualizing Cyber Threat Intelligence Quality". International Journal of Information Security. 20: 21–38. doi:10.1007/s10207-020-00490-y.
  2. Kant, Neelima (2024). "Cyber Threat Intelligence (CTI): An Analysis on the Use of Artificial Intelligence and Machine Learning to Identify Cyber Hazards". Cyber Security and Digital Forensics. Lecture Notes in Networks and Systems. 36: 449–462. doi:10.1007/978-981-99-9811-1_36. ISBN 978-981-99-9810-4.
  3. Dalziel, Henry (2014). How to Define and Build an Effective Cyber Threat Intelligence Capability. Syngress. ISBN 9780128027301.
  4. Bank of England (2016). CBEST Intelligence-Led Testing: Understanding Cyber Threat Intelligence Operations (PDF) (Report). Bank of England.
  5. Saeed, Saqib (2023). "A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience". Sensors. 23 (16): 7273. Bibcode:2023Senso..23.7273S. doi:10.3390/s23167273. PMC 10459806. PMID 37631808.
  6. CyberProof Inc. (n.d.). "Managed Threat Intelligence". CyberProof. https://www.cyberproof.com/cyber-101/managed-threat-intelligence/. Retrieved 2023-04-03.
  7. IBM (2022-02-23). "IBM Security X-Force Threat Intelligence Index". www.ibm.com. Retrieved 2022-05-29.
  8. "MSSP - What is a Managed Security Service Provider?". Check Point Software. Retrieved 2022-05-29.