Zero days
Threat Intelligence – Leveraging knowledge for prevention.

Threat intelligence is a broad term in cybersecurity that ultimately means knowing where your threats lie and how your adversaries exploit risks. This understanding can give you a heads-up on where the next attack might come from.

Threats versus Vulnerabilities

The terms threat and vulnerability are often confused with one another. A threat is anything that can exploit a vulnerability. A vulnerability, on the other hand, is a weakness or gap in security that a threat could expose. For example, a burglar is a threat to the security of your home; the vulnerability is a side door lock that doesn’t work correctly. Threat intelligence means finding out how the intruder thinks and what they are looking to exploit, so that you can identify the risks and put safeguards in place.

Where does threat intelligence come from?

Threat intelligence comes from various sources, which can be categorized as either internal or external. Internal sources may be logs collected on a SIEM, alerts, or incident response plans. Using historical data from your network can help you correlate information and identify the threats hitting your systems and the areas they are most interested in. External sources, or “open source” intelligence, are pulled from many places, including antivirus companies like Symantec or McAfee and other feeds that capture data on attack vectors and malicious logic.
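To make the internal/external correlation concrete, here is an added example (not part of the original post) that matches internal firewall log lines against an external indicator feed and ranks which internal services the listed sources touch most. The log format, feed entries, addresses and function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed external feed: indicator -> label (documentation address ranges).
FEED = {
    "203.0.113.0/28": "scanner network (constructed)",
    "198.51.100.77": "credential-stuffing host (constructed)",
}

# Constructed internal log lines in a simplified firewall format.
LOGS = """\
2024-05-01T10:00:01Z DENY src=203.0.113.5 dst=10.0.1.10 dport=22
2024-05-01T10:00:04Z DENY src=203.0.113.9 dst=10.0.1.10 dport=22
2024-05-01T10:02:17Z ALLOW src=192.0.2.44 dst=10.0.2.20 dport=443
2024-05-01T10:03:30Z ALLOW src=198.51.100.77 dst=10.0.2.20 dport=443
2024-05-01T10:05:12Z DENY src=203.0.113.5 dst=10.0.3.30 dport=3389
not a firewall line
"""

LINE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")

def correlate(log_text, feed):
    """Return one record per log line whose source matches a feed indicator."""
    # Single IPs in the feed become /32 networks so one membership test covers both.
    nets = [(ipaddress.ip_network(k, strict=False), v) for k, v in feed.items()]
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts, action, src, dst, dport = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # malformed source address
        label = next((lbl for net, lbl in nets if addr in net), None)
        if label:
            hits.append({"ts": ts, "action": action, "src": src,
                         "dst": dst, "dport": int(dport), "label": label})
    return hits

def most_targeted(hits):
    """Rank internal (address, port) pairs by number of feed-matched events."""
    return Counter((h["dst"], h["dport"]) for h in hits).most_common()

if __name__ == "__main__":
    found = correlate(LOGS, FEED)
    print(most_targeted(found))
    print([h for h in found if h["action"] == "ALLOW"])  # matched traffic that got through
```

Feed matches on allowed traffic deserve the first look, since denied attempts were already stopped at the firewall.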

Why do you need threat intelligence?

Attacks change every day, and new ones are discovered all the time. Not having any information about attacks can leave you blind to new tactics and methods. Additionally, depending on the industry your company is in, the intelligence can help focus your resources on the threats that are most important to you. This allows you to be more responsible in your security plan and choose the right assets to protect. Pulling threat intelligence to better understand your alerts gives you an advantage when securing your network and should not be overlooked.
