Cyber Threat Intelligence (CTI) can be defined as the contextual analysis of threat actor intent, capabilities and opportunities that helps organizations to better strategize around protection requirements and remediate active threats. While this definition broadly applies across the entire security organization.
For instance, first-line SOC analysts require timely, tactical intelligence to make quick decisions and keep the organization safe from imminent threats, whereas senior executives may require longer term trend and forecast intelligence for strategic planning.
Consider this scenario. An IP address used to host a malicious command and control (C2) server is discovered by security analysts. After some processing and analysis, it is discovered that this indicator of compromise (IOC) matches detected threat alerts associated with malware seen on the corporate network. With this insight, the security team is able to take quick and immediate action to clean infected systems and block related malicious communications and subsequent attacks. ...read more!
