notes/areas/CyberSec/threat-intelligence.md
2025-02-08 21:56:24 +01:00

  • Intelligence refers to information you gather about actual and potential enemies.

  • A threat is any action that can disrupt or adversely affect a system.

  • Threat intelligence aims to gather information to help the company better prepare against potential adversaries.

  • The purpose is to achieve a threat-informed defense.

Intelligence needs data. Data has to be collected, processed, and analyzed. Collection draws on local sources such as network logs and public sources such as forums. Processing arranges the data into a format suitable for analysis. The analysis phase seeks to find more information about the attackers and their motives; moreover, it aims to create a list of recommendations and actionable steps.

Learning about your adversaries allows you to know their tactics, techniques, and procedures. As a result of threat intelligence, we identify the threat actor (adversary), predict their activity, and consequently, we will be able to mitigate their attacks and prepare a response strategy.
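
The collect, process, analyze cycle described above can be sketched in a few lines of Python. This is an added example, not part of the original notes; the log format, the `EXAMPLE-ACTOR` name, the report fields and the failure threshold are all assumptions, and the sample data is constructed using documentation-only IP ranges.

```python
import re
from collections import Counter

# Constructed sample data (RFC 5737 documentation addresses); not real indicators.
LOCAL_LOGS = [
    "2025-02-08T20:01:11Z sshd FAILED user=root src=203.0.113.7",
    "2025-02-08T20:01:15Z sshd FAILED user=admin src=203.0.113.7",
    "2025-02-08T20:02:40Z sshd ACCEPTED user=alice src=198.51.100.23",
    "2025-02-08T20:03:02Z sshd FAILED user=root src=203.0.113.7",
    "garbled line that the processing step must skip",
]
PUBLIC_REPORTS = [  # constructed stand-in for notes taken from a public source
    {"indicator": "203.0.113.7", "actor": "EXAMPLE-ACTOR", "ttp": "password brute force"},
]
LINE = re.compile(r"^(?P<ts>\S+) (?P<svc>\S+) (?P<result>FAILED|ACCEPTED) "
                  r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def collect():
    """Collection: gather raw data from local and public sources."""
    return list(LOCAL_LOGS), list(PUBLIC_REPORTS)

def process(raw_logs):
    """Processing: arrange raw lines into uniform records; drop unparseable ones."""
    return [m.groupdict() for m in map(LINE.match, raw_logs) if m]

def analyze(events, reports, threshold=3):
    """Analysis: tie activity to known actors and produce actionable steps."""
    known = {r["indicator"]: r for r in reports}
    failures = Counter(e["src"] for e in events if e["result"] == "FAILED")
    findings = []
    for src, count in sorted(failures.items()):
        if count < threshold:
            continue  # below the (assumed) noise threshold
        report = known.get(src)
        findings.append({
            "source": src,
            "failed_logins": count,
            "actor": report["actor"] if report else "unknown",
            "ttp": report["ttp"] if report else "unclassified",
            "targeted_users": sorted({e["user"] for e in events if e["src"] == src}),
            "recommendation": f"block {src} and review accounts it targeted",
        })
    return findings

def run():
    logs, reports = collect()
    return analyze(process(logs), reports)

if __name__ == "__main__":
    for finding in run():
        print(finding)
```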