Cyber threat intelligence (CTI) is defined as knowledge about threats and the intentions and methods behind them, which is collected, analyzed, and disseminated in ways that help security and business staff at all levels protect the most critical assets of the organization. The primary purpose of CTI is to gather intelligence about the threats that pose a higher risk to the organization and to help management take preventive measures to mitigate those risks.
CTI Life cycle
The CTI life cycle is an iterative process that explains how raw data is collected and converted into useful intelligence. The first stage in this process is planning and direction. A traditional CTI life cycle consists of six steps.
- Planning and direction
The first stage in the CTI life cycle is about setting your goals according to the core values of the organization and planning around which adversaries might target your organization. The most valuable assets, such as credit card and financial account data and confidential business information, must be prioritized accordingly.
- Collection
The collection stage involves gathering data from various sources, such as honeypots and scanners on the network. Data may include malicious IP addresses, personal data of the customers, or texts from social media.
- Processing
In the processing stage, data is stored, organized, and converted into useful information. Nowadays, organizations receive terabytes of data, and it is not humanly possible to process such a large amount. Therefore, organizations implement SIEM solutions to make the process easy and efficient.
- Analysis
In this stage, threat information is analyzed, interpreted, and converted into actionable threat intelligence. Important decisions regarding the further investigation of a potential threat or actions required to prevent a cyber-attack are taken based on this intelligence.
- Dissemination
Different audiences have different preferences for how often and in what form they receive threat intelligence. In this stage, the intelligence output is presented to the right people at the right time. This stage also involves keeping track of the previous stages so that continuity remains intact.
- Feedback
Feedback is the last but crucial stage. In this stage, the specific teams that initially made the threat intelligence request review the final product and determine whether it meets their requirements.
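
The collection and processing stages described above, shown as an added example that is not part of the original article: events from a honeypot and a scanner are merged, validated, deduplicated, and organized into one record per external IP address. The feed formats, field names, and internal address range are assumptions, and all sample events are constructed.

```python
import ipaddress

# Constructed sample data (not from the article): honeypot lines and scanner rows.
HONEYPOT_LINES = [
    "2024-05-01T10:00:00Z src=203.0.113.7 port=22",
    "2024-05-01T10:05:00Z src=203.0.113.7 port=23",
    "2024-05-01T10:06:00Z src=198.51.100.20 port=22",
    "2024-05-01T10:07:00Z src=10.0.0.5 port=22",    # internal address
    "2024-05-01T10:08:00Z src=not-an-ip port=22",   # malformed value
]
SCANNER_ROWS = [
    {"ip": "203.0.113.7", "seen": "2024-05-01T09:30:00Z"},
    {"ip": "192.0.2.99", "seen": "2024-05-01T11:00:00Z"},
]
# Assumption: the organization's own address space, excluded from indicators.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def collect(honeypot_lines, scanner_rows):
    """Collection: merge both feeds into (ip_text, timestamp, source) tuples."""
    events = []
    for line in honeypot_lines:
        ts, src, _port = line.split()
        events.append((src.split("=", 1)[1], ts, "honeypot"))
    for row in scanner_rows:
        events.append((row["ip"], row["seen"], "scanner"))
    return events

def process(events):
    """Processing: validate, filter, deduplicate, and organize events by IP."""
    records = {}
    for raw_ip, ts, source in events:
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # malformed value, not a usable indicator
        if any(ip in net for net in INTERNAL_NETS):
            continue  # internal host, not an external threat indicator
        rec = records.setdefault(str(ip), {"ip": str(ip), "sources": set(),
                                           "events": 0, "first_seen": ts, "last_seen": ts})
        rec["sources"].add(source)
        rec["events"] += 1
        rec["first_seen"] = min(rec["first_seen"], ts)  # same-format UTC strings sort correctly
        rec["last_seen"] = max(rec["last_seen"], ts)
    return sorted(records.values(),
                  key=lambda r: (-len(r["sources"]), -r["events"], r["ip"]))

if __name__ == "__main__":
    for rec in process(collect(HONEYPOT_LINES, SCANNER_ROWS)):
        print(rec["ip"], sorted(rec["sources"]), rec["events"], rec["last_seen"])
```

Records seen by more sources and with more events sort first, which gives the analysis stage a prioritized list instead of raw feed output.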