Cyber Threat Intelligence (CTI)
Running a Threat Intelligence platform (TIP) gives an organization a better understanding of the threats actually targeting it. That information improves detection and response in two ways: by researching how those threats are carried out, and by using the specific data gathered from that research to test whether the detection and response tooling actually catches them.
This used to be an expensive task, but we now have Open Source Threat Intelligence platforms such as OpenCTI, which aggregate multiple free and paid sources of threat intelligence data to give a comprehensive view of the threats targeting an organization. If using OpenCTI, consider enabling connectors such as AlienVault, Abuse.ch, VirusTotal, MISP, CrowdSec, MITRE ATT&CK and others to get the most out of the platform. Prune sources deliberately: a feed that does not match the organization's sector or infrastructure mostly adds noise, and the value of the platform comes from the relationships it keeps between actors, the techniques they use and the indicators that reveal them, not from the raw indicator count.
Outcome
- Have a tool that provides threat intelligence data
- Have alerts set up for activity relevant to the organization's industry and business type (for example, actors known to target its sector, or indicators tied to its own domains and IP ranges)
- Alerts are reviewed, and simulation exercises are conducted to test the effectiveness of the Threat Detection and Response tools (see TDR).
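The triage step behind the outcomes above, as an added example that is not code from the original page, from OpenCTI or from any connector: a small offline pass over a STIX 2.1 bundle (the format OpenCTI and its connectors exchange) that keeps only the actors targeting the organization's own sector and collects, per actor, the ATT&CK technique IDs a simulation exercise can replay and the atomic indicators the detection stack can be checked against. The bundle is constructed sample data, the organization is assumed to be in financial services, and every object id is an arbitrary UUID made up for the example.

```python
"""Added example: offline triage of a constructed STIX 2.1 bundle.
Not code from OpenCTI or any connector; all ids below are made up."""
import json
import re
import uuid

# Constructed ids for the sample objects (not real OpenCTI or MITRE ids).
FIN = "identity--aaaa0000-0000-4000-8000-000000000001"
HEALTH = "identity--aaaa0000-0000-4000-8000-000000000002"
CREW_A = "intrusion-set--bbbb0000-0000-4000-8000-000000000001"
CREW_B = "intrusion-set--bbbb0000-0000-4000-8000-000000000002"
PHISH = "attack-pattern--cccc0000-0000-4000-8000-000000000001"
VALID_ACCT = "attack-pattern--cccc0000-0000-4000-8000-000000000002"
IND_DOMAIN = "indicator--dddd0000-0000-4000-8000-000000000001"
IND_HASH = "indicator--dddd0000-0000-4000-8000-000000000002"
IND_IP = "indicator--dddd0000-0000-4000-8000-000000000003"
SAMPLE_HASH = "ab" * 32  # constructed SHA-256 stand-in, not a real sample


def _rel(kind, src, dst):
    """Build a STIX relationship object with a deterministic made-up id."""
    rid = uuid.uuid5(uuid.NAMESPACE_URL, f"{kind}/{src}/{dst}")
    return {"type": "relationship", "id": f"relationship--{rid}",
            "relationship_type": kind, "source_ref": src, "target_ref": dst}


# Constructed bundle: Crew A targets financial services (relevant to the
# assumed bank); Crew B targets healthcare and must not raise an alert.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--eeee0000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "identity", "id": FIN, "identity_class": "class",
         "name": "Financial services", "sectors": ["financial-services"]},
        {"type": "identity", "id": HEALTH, "identity_class": "class",
         "name": "Healthcare", "sectors": ["healthcare"]},
        {"type": "intrusion-set", "id": CREW_A, "name": "Sample Crew A"},
        {"type": "intrusion-set", "id": CREW_B, "name": "Sample Crew B"},
        {"type": "attack-pattern", "id": PHISH, "name": "Spearphishing Attachment",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566.001"}]},
        {"type": "attack-pattern", "id": VALID_ACCT, "name": "Valid Accounts",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}]},
        {"type": "indicator", "id": IND_DOMAIN, "pattern_type": "stix",
         "pattern": "[domain-name:value = 'secure-login-update.invalid']"},
        {"type": "indicator", "id": IND_HASH, "pattern_type": "stix",
         "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_HASH}']"},
        {"type": "indicator", "id": IND_IP, "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7']"},
        _rel("targets", CREW_A, FIN), _rel("targets", CREW_B, HEALTH),
        _rel("uses", CREW_A, PHISH), _rel("uses", CREW_A, VALID_ACCT),
        _rel("indicates", IND_DOMAIN, CREW_A), _rel("indicates", IND_HASH, CREW_A),
        _rel("indicates", IND_IP, CREW_B),
    ]})

# Matches one "[type:field = 'value']" comparison. Richer patterns (AND/OR,
# FOLLOWEDBY, REPEATS) are left to the TIP and yield no observable here.
ATOMIC_RE = re.compile(r"\[\s*([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'\s*\]")


def atomic_observables(pattern):
    """Return [(object type, value)] for an atomic STIX pattern, else []."""
    m = ATOMIC_RE.fullmatch(pattern.strip())
    return [(m.group(1), m.group(3))] if m else []


def relevant_threats(bundle_json, org_sectors):
    """One alert per actor that 'targets' an identity in org_sectors, carrying
    the ATT&CK ids it 'uses' and the observables that 'indicate' it."""
    objs = {o["id"]: o for o in json.loads(bundle_json)["objects"]}
    rels = [o for o in objs.values() if o["type"] == "relationship"]
    ours = {o["id"] for o in objs.values()
            if o["type"] == "identity" and set(o.get("sectors", [])) & set(org_sectors)}
    alerts = {}
    for r in rels:  # first pass: which actors target our sector
        if r["relationship_type"] == "targets" and r["target_ref"] in ours:
            alerts[r["source_ref"]] = {"actor": objs[r["source_ref"]]["name"],
                                       "techniques": set(), "observables": []}
    for r in rels:  # second pass: enrich each relevant actor
        src, dst = r["source_ref"], r["target_ref"]
        if r["relationship_type"] == "uses" and src in alerts:
            for ref in objs[dst].get("external_references", []):
                if ref.get("source_name") == "mitre-attack":
                    alerts[src]["techniques"].add(ref["external_id"])
        elif r["relationship_type"] == "indicates" and dst in alerts:
            alerts[dst]["observables"] += atomic_observables(objs[src]["pattern"])
    return [{"actor": a["actor"], "techniques": sorted(a["techniques"]),
             "observables": a["observables"]} for a in alerts.values()]


if __name__ == "__main__":
    for alert in relevant_threats(SAMPLE_BUNDLE, ["financial-services"]):
        print(json.dumps(alert, indent=2))
```

The technique list per actor is what the simulation exercise replays (here T1566.001 and T1078 for the one relevant actor), and the observables are what the detection tooling is searched for before and after that exercise; the healthcare actor and its indicator are dropped, which is the point of keying alerts to the organization's own sector rather than ingesting every feed wholesale.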
Metrics
- Relevant threats detected
- Simulations conducted based on the alerts
- Number of improvements made to the detection and response tools based on the simulations
Tools & Resources
- OpenCTI (Free/Paid)
- LevelBlue (Free/Paid)
- CrowdStrike Threat Intelligence (Paid)
- Cyberint (Paid)