Threat Intelligence – What It Is and Why You Need It

Type carbonblack
Reporter Christopher Mitchell
Modified 2019-05-20T15:00:56


Threat intelligence is a broad term. Some might think it refers to having information about what threats are out there. But in the evolved world of cybersecurity, threat intelligence is actually a verb. Cybersecurity threat intelligence is the ability to take closed-source or open-source data from around the world, collect indicators of compromise from it, and then use those indicators to find the most advanced attacks on your network.


Why Threat Intelligence is Important

Every morning that your team comes into the office, there are new threats that have been discovered elsewhere. What hit someone in Singapore 12 hours ago may hit your systems today. Threat intelligence is your way to find out about these new threats and proactively put up barriers to defend against them. Without threat intelligence your team is reactive, which is a much more damaging and expensive position to be in if a breach occurs.

Where to Get Threat Intelligence

The key to sourcing threat intelligence is getting it from a source where threat analysts are dedicated to finding new threats. At Carbon Black, we have a team of threat researchers called the TAU group (Threat Analysis Unit). They are 100% focused on finding and identifying new threats and surfacing this information in real time so that threat hunters can be prepared. As fixes are developed, these go into the threat hunting community.

But threat intelligence doesn’t just come from Carbon Black. Our users are on the front lines and when they find suspicious activity, they share it with the broader threat hunting community. Together, it makes for a powerful source of threat intelligence data.

If you’re just getting started or want the bigger picture, Carbon Black also takes this information and summarizes it in Quarterly Threat Reports and Research. This content is open to the public and can be very helpful for companies to set priorities for addressing up-and-coming threats.

How to Make Threat Intelligence a Verb

As in my definition, threat intelligence isn’t very useful to just have. You need to take action on it, which is why I refer to threat intelligence as a verb. Once you have your sources for threat intelligence identified, you need to ensure your team has the time to absorb it and put it to use by running tests.

Threat intelligence should be a daily task where your team:

  1. Identifies what new threats have arisen.
  2. Tests your systems for vulnerabilities to these new threats.
  3. Takes steps to defend against these potential attacks.

You don’t have to boil the ocean. Just focus on the threats that are relevant in your industry and you’ll come out with a much stronger security posture and with much more confidence that you are prepared for what’s coming.

The post Threat Intelligence - What It Is and Why You Need It appeared first on Carbon Black.