Page 63 - Cyber Defense eMagazine August 2024
P. 63
“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators,
implications and actionable advice, about an existing or emerging menace or hazard to assets that can
be used to inform decisions regarding the subject's response to that menace or hazard.”
- Gartner -
In other words, threat intelligence is knowledge based on various data and information to respond to
threats.
To understand threat intelligence, it is essential to distinguish between “data,” “information,” and
“intelligence.”
Data: Raw, unprocessed metrics such as IP addresses, URLs, and hash values.
Information: Analyzed and processed data that provides context but may not offer actionable in
sights.
Intelligence: The result of analyzing and processing various data points to create meaningful inf
ormation within a specific context, guiding decision-making and action.
The Pyramid of Pain
The “Pyramid of Pain”, introduced by security expert David J Bianco in 2013, illustrates how different
levels of cyber threat indicators impact attackers. The pyramid emphasizes TTPs (Tactics, Techniques,
Procedures) as the most effective method of preventing attacks. Blocking lower-level indicators, like hash
values, IP addresses, and domain names, imposes minimal stress on attackers while blocking high-level
indicators requires them to expend significant effort and resources. Using TTP indicators for defensive
measures allows organizations to detect all steps of an attack from start to finish, posing a significant
challenge to attackers.
Cyber Defense eMagazine – August 2024 Edition 63
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
