- Largely deals with past events and bringing them to present [describes / explains / evaluates / tracks]
- Basic intelligence is relevant to intelligence analysts to gain an historical understanding of the threat landscape
Cyber threat intelligence (CTI) can be defined as “contextually enriched information concerning actors, threats, and vulnerabilities presented to enhance the decision-making process and heighten the consumer’s security posture.” This enriched information is the result of planning, collection, analysis, and dissemination leading to greater situational awareness and the integration of countermeasures.
The importance of cyber threat intelligence lies in its ability to be consumed by all teams within a security program, as well as a majority of security solutions. This level of influence ensures human consumers have a higher level of understanding of the threat landscape enabling judgement-based decision making and security technologies implement countermeasures to contest the actions of actors with malicious intent. Without actionable and contextualized CTI, security teams will be making best guesses and assumptions instead intelligence-based decisions.
Cyber threat intelligence should have different levels of focus that make it relevant to the consumer of that intel. Below are definitions and examples of each:
The Fidelis Elevate platform consumes threat intelligence from the Fidelis Threat Research Team (TRT) in the form of countermeasures and automated threat feeds. These countermeasures and threat feeds are the results of TRT Security Researchers and Cyber Threat Intelligence Analysts curation of intelligence information and analysis from multiple open-source and proprietary sources.