The importance of Cyber Threat Intelligence (CTI) has become more widely recognized in the past year. But not many people realize how many different ways threat intelligence can be utilized across an enterprise. That's why now is a good time to drill down and describe the wide range of use cases for employing threat intelligence for many different functions within an IT organization.
Are you a CISO, SOC Analyst or an Incident Responder? Stay tuned...
This is the first post in an iSIGHT Partners blog series that will delve into how IT security professionals in each of six distinct roles within an organization's information security program can (and should) apply threat intelligence to their function. Each post will include 3-4 use cases, how CTI can be used by professionals in that role, and the type of threat intelligence that is required to achieve their objectives.
- CISO: CISOs need to protect the business. Use threat intelligence to identify and prioritize risks to your business, make better strategic decisions on plans, budgets and staffing, and communicate more effectively with management and the corporate board.
- SOC: Level 1 Analyst - SOC analysts, more specifically Level 1 SOC analysts, are inundated with data and lots of it. Learn how to leverage threat intelligence to help prioritize and triage your alerts more effectively. [SPOILER ALERT...context is key]
Read more, Part 1 and Part 2.
- SOC: Level 2, 3, Incident Response team - Incident responders are the hunters and gatherers of incidents that need to be validated and contained. Use threat intelligence to improve the detection of the most serious threats and stay current on those that pose the greatest risk to your company or industry. [SPOILER ALERT...TTPs and proactive intelligence are key]
Read more, Part 3 and Part 4.
- Threat Intelligence analyst or team: Threat intel analysts analyze threats and attacks in depth and require contextual, rich threat intelligence to reverse-engineer advanced attacks, find and shut down previously undetected attacks, and research, prioritize, and communicate emerging threats.
- NOC: As the central location for monitoring, managing and defending their networks, NOCs use threat intelligence to generate threat alerts, reduce false positives, prioritize alerts and gain the confidence to turn on blocking features in security devices. [SPOILER ALERT... high-fidelity, validated, machine-readable intelligence is key]
- Vulnerability & Patch Team: Staff responsible for identifying vulnerabilities and implementing patches use threat intelligence to determine which vulnerabilities are most critical to their business, which patches (out of many) to prioritize, and how to communicate the risks to managers and other IT groups. [SPOILER ALERT... exploitation context is key]
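The "exploitation context is key" point for the Vulnerability & Patch Team (and, in the same spirit, the "context is key" point for Level 1 SOC triage) is easiest to see with numbers. The following is an added example, not code from the original post or from iSIGHT Partners: it ranks a constructed set of vulnerabilities by combining the CVSS base score and asset criticality with threat-intelligence context (exploited in the wild, public exploit available, actors targeting our industry). The vulnerability IDs, scores, weights and intel records are all made up for illustration; the weights are an assumption, not a published scheme.

```python
"""Patch prioritization with exploitation context (added example, constructed data)."""
from dataclasses import dataclass


@dataclass
class Vulnerability:
    vuln_id: str            # hypothetical identifier, not a real CVE
    cvss: float             # CVSS base score, 0.0-10.0
    asset_criticality: int  # 1 (lab box) .. 5 (crown jewels), from asset inventory


@dataclass
class ThreatContext:
    """What threat intelligence tells us about a vulnerability."""
    exploited_in_wild: bool = False    # confirmed exploitation by real actors
    public_exploit: bool = False       # working exploit code is publicly available
    targets_our_industry: bool = False # actors using it are known to target our sector


# Assumed weights: exploitation in the wild matters most, sector targeting next,
# public exploit code least. Tune these to your own risk appetite.
WEIGHT_EXPLOITED = 1.0
WEIGHT_INDUSTRY = 0.5
WEIGHT_PUBLIC_EXPLOIT = 0.25


def priority_score(vuln: Vulnerability, ctx: ThreatContext) -> float:
    """Severity x business impact, then scaled by intel context.

    Without context the score is just cvss * asset_criticality (0-50).
    Each piece of exploitation context multiplies that baseline, so a
    medium-severity bug under active attack can outrank a critical one
    nobody is exploiting.
    """
    baseline = vuln.cvss * vuln.asset_criticality
    multiplier = 1.0
    if ctx.exploited_in_wild:
        multiplier += WEIGHT_EXPLOITED
    if ctx.targets_our_industry:
        multiplier += WEIGHT_INDUSTRY
    if ctx.public_exploit:
        multiplier += WEIGHT_PUBLIC_EXPLOIT
    return baseline * multiplier


def prioritize(vulns, intel) -> list:
    """Return [(vuln_id, score), ...] sorted highest priority first.

    `intel` maps vuln_id -> ThreatContext; missing entries mean "no context",
    which is itself a signal: patch on severity alone, after the known threats.
    """
    scored = [
        (v.vuln_id, priority_score(v, intel.get(v.vuln_id, ThreatContext())))
        for v in vulns
    ]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample data: four findings from a hypothetical scan.
SAMPLE_VULNS = [
    Vulnerability("VULN-A", cvss=9.8, asset_criticality=3),  # critical CVSS, no intel
    Vulnerability("VULN-B", cvss=7.5, asset_criticality=4),  # high, actively exploited
    Vulnerability("VULN-C", cvss=6.5, asset_criticality=5),  # medium, public exploit only
    Vulnerability("VULN-D", cvss=9.0, asset_criticality=1),  # critical CVSS, lab asset
]

# Constructed threat-intel feed: only B and C have any context.
SAMPLE_INTEL = {
    "VULN-B": ThreatContext(exploited_in_wild=True, targets_our_industry=True),
    "VULN-C": ThreatContext(public_exploit=True),
}


def ranked_ids(vulns=SAMPLE_VULNS, intel=SAMPLE_INTEL) -> list:
    """Convenience wrapper returning just the ordered vulnerability IDs."""
    return [vuln_id for vuln_id, _ in prioritize(vulns, intel)]


if __name__ == "__main__":
    for vuln_id, score in prioritize(SAMPLE_VULNS, SAMPLE_INTEL):
        print(f"{vuln_id}: {score:.1f}")
```

Ranking by CVSS alone would put VULN-A (9.8) and VULN-D (9.0) first; with exploitation context, VULN-B lands on top because it is being exploited by actors who target the sector, and VULN-C moves ahead of VULN-A because exploit code is public and the asset is more critical. That reordering is the communication point for managers: "this is what attackers are actually using against companies like ours" is a stronger patch-window argument than a raw score.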
Most people know cyber threat intelligence is valuable, but haven't quite figured out the best route to its application. Throughout this blog series, you will discover the tactical security capabilities that context-rich threat intelligence enables, up through the strategic role it plays for CISOs and senior IT executives who need to understand macro-level threats relevant to their organization.