Page 80 - Cyber Defense eMagazine July 2024
P. 80

External  threat  intelligence  refers  to  the  data  collected  from  outside  sources  about  past  and  current
            threats.  This  can  include  information  about  threat  actors,  their  tactics,  techniques,  and  procedures
            (TTPs),  indicators  of  compromise  (IOCs),  and more.  This  type  of intelligence  is  provided  by different
            products, including feeds, as well as specialized  platforms and portals that accumulate large databases
            and allow users to search them.



            Advantages of Internal Threat Intelligence


            Detailed and Specific Understanding

            Internal threat intelligence, being sourced from the organization's  infrastructure, provides a detailed and
            specific understanding of an organization's  unique threat landscape.


            Real-Time and Relevant Data

            Internal  threat  intelligence  offers  real-time  and  highly  relevant  data.  It  allows  organizations  to  quickly
            identify and respond to threats that are directly impacting their systems and networks.


            Historical Records

            Historical  records  in  internal  threat  intelligence,  encompassing  past  alerts  and  network  activity,  offer
            valuable insights into potential incidents. These records also aid analysts in quickly deciding if an alert is
            a false positive, enhancing threat response speed and accuracy.



            Advantages of External Threat Intelligence

            Broader Understanding  of Current Threats

            Internal  security  systems  can  only identify  threats  that  are already  known.  External  threat  intelligence
            offers fresh information from various sources. In the event of a possible security incident, such intelligence
            can provide valuable context and insights.

            For  instance,  it can  help  you  determine  if the  incident  is  part of  a  larger  campaign  targeting  multiple
            organizations, or if it's an isolated incident. It can also supply information about the threat actor's typical
            behavior and tactics, which can guide your incident response strategy.

            Proactive Threat Anticipation

            External  threat intelligence  enables  organizations  to anticipate  potential  threats and vulnerabilities.  By
            understanding  the  TTPs  of  threat  actors  and  the  latest  trends  in  cyber  attacks,  security  teams  can
            proactively strengthen their defenses and be better prepared to respond to incidents.









            Cyber Defense eMagazine – July 2024 Edition                                                                                                                                                                                                          80
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   75   76   77   78   79   80   81   82   83   84   85