User:JSHall19002/sandbox
Threat Intelligence (Computing)
Threat intelligence is the "cyclical practice" of planning, collecting, processing, analyzing and disseminating information about threats to applications and systems. It collects information in real time to map the threat landscape and identify threats to a computer, application or network. This information is gathered from a number of sources and compiled into a single database, giving visibility into vulnerabilities and exploits that threat actors are actively using on the internet (in the wild). Threat intelligence is not to be confused with vulnerability management.
Platforms exist that enable the automation of threat intelligence. These platforms are commonly referred to as "TIPs", or Threat Intelligence Platforms. Security analysts use these platforms for their data collection and automation.
A threat intelligence platform is typically used by Security Operations Center (SOC) teams for day-to-day threat response and for handling events as they occur. Generalized threat intelligence teams use the platform to make educated predictions based on actors, campaigns, industry targets and platform (network, application, hardware) targets. Management and executive teams use the platform for reporting and for sharing data at a high level to better understand their threat posture.
Threat Intelligence models
A TIP is a packaged product that obtains information from multiple sources and automates intelligence by managing and collecting it and integrating with various platforms. Anomali provides a threat intelligence model based on its intelligence platform.
Recorded Future’s machine learning, natural language processing and pattern recognition technology indexes and understands more than 350 facts per second, equivalent to 8,774 full-time human analysts, delivering teams threat intelligence that powers security where and when they need it. This enables security teams to identify threats to their organizations 10 times faster than before deploying Recorded Future tools, from 0.4 days advance notice to about 4.1 days advance notice, while helping to resolve security incidents 63 percent faster when they do occur, according to IDC.