Cyber Threat Intelligence (CTI)
• Refers to the data collected and used by an organization to better comprehend past, current, and future threats
• The information gathered provides context into what is happening within an organization’s network, helping to identify potential threats and stay protected against future attacks
• One of the major keys to a successful and efficient cybersecurity program is to work proactively, rather than reactively
• Applying insights obtained via the data allows security teams to make quicker, more informed security decisions so they can stay one-step ahead of cyber threats
Cyber Threat Intelligence: Sources
There are different sources from which the Cyber Threat Intelligence (CTI) feeds can be obtained
• Threat intelligence feeds are classified into two categories:
a) CTI feeds available on the internet for free, called publicly available feeds
b) CTI feeds that need to be purchased from security vendors, called private threat intelligence feeds
• An organization can formulate its own framework or procedure for obtaining cyber threat intelligence from various entities, according to its requirements and operations
• In practice, cyber threat intelligence is collected from two major kinds of source, though there is no single definitive and concrete source of intelligence:
a) Open sources: Open sources of information are widely available but may not be accurate, reliable or valid
b) Closed sources: information with restricted access, such as police crime recording systems and information available through information sharing agreements (ISAs) with partners
Uses of Open Source Information
• Open-source information can be used to:
i. develop an understanding of the locations relevant to a piece of analysis
ii. identify the potential impact of social and demographic changes
iii. identify external factors that may impact on crime, disorder and community concerns
iv. support and develop investigations by indicating lines of enquiry or corroborating other information
v. support the development of subject profiles and problem profiles
• There are several factors to take into account when using open-source information:
i. access may require the user to register or pay a fee (online news media, the electoral roll)
ii. the use of open-source information should be audited
iii. the effect of local security policies on access to open-source information (some sites are not available to local users)
iv. it is not subject to the same quality standards as closed sources
v. it should be corroborated by supporting information
Closed Source Information
• Closed sources of information are those with restricted access, such as police crime recording systems and information available through information sharing agreements (ISAs) with partners
• Information from police closed sources is not evaluated through the intelligence report process and is usually assessed to be reliable
• Users should, however, still view the information critically and understand the context in which it has been collected, and its purpose
• Closed-source information is also available from:
i. Other armed forces
ii. Specialist closed sources, financial intelligence, special branch intelligence, prison intelligence
iii. Existing intelligence and analytical products
iv. Information from partners, including the National Intelligence Agencies
v. Organizations that are part of the local community safety partnership
vi. A covert internet investigator may be required to access some closed-source information
Types of threat intelligence
1. Strategic threat intelligence
• A high-level analysis typically reserved for non-technical audiences such as stakeholders or board members
• Usually covers topics like security scores and the potential impact of an organizational decision
• The goal of strategic threat intelligence is to understand the broader trends and motivations affecting the threat landscape
• Strategic threat intelligence sources are unlike other intelligence categories because the majority of the data comes from open sources, meaning it can be accessed by anyone
• A few examples include local and national media, white papers and reports, online activity and articles, and security ratings
2. Tactical threat intelligence
• Focuses on the immediate future and helps teams determine whether existing security programs will be successful in detecting and mitigating risks
• Identifies the indicators of compromise (IOCs) and allows responders to search for and eliminate specific threats within a network
• IOCs are historical evidence of a particular threat and serve as archetypal examples of the threats security teams should be aware of, such as unusual traffic, log-in red flags, or an increase in file/download requests
• The most basic form of threat intelligence
3. Operational threat intelligence
• Aims to answer the questions, “who?”, “what?”, and “how?” and is gained by examining the details of past known attacks that have been identified through tactical intelligence
• Helps security teams understand the details surrounding specific cyber-attacks by providing context for factors such as intent, timing, and sophistication
• By studying past or ongoing attacks, teams can gain insight into the intelligence and capability of their organization’s adversary
4. Technical threat intelligence
• Provides information about the attacker’s resources that are used to perform the attack; this includes command and control channels, tools, etc.
• Has a shorter lifespan compared to tactical threat intelligence and mainly focuses on a specific IOC
• Provides rapid distribution and response to threats
Cyber Threat Intelligence: Importance
• Threat intelligence is useful for many reasons, the most important being that it helps security professionals understand an attacker’s thought process, revealing motives and attack behavior behind a threat
• This information helps security teams learn the tactics, techniques, and procedures employed by potential hackers, and can be leveraged to improve security efforts such as threat monitoring, threat identification, and incident response time
• The following objectives can be achieved by implementing threat intelligence:
a) Staying up to date with the daily emerging threats, methods, weaknesses, targets, etc., which are huge in volume
b) Making us more proactive against threats that are about to happen in the future
c) Informing users, stakeholders, and leaders about the latest threats and the effects they could have on their businesses
d) CTI will help us lower our overall expense; if our response to a data breach is slow, we can end up losing more money
e) CTI will help our security team identify new security threats; all the security team needs to do is check whether each one is a false positive or an actual threat
f) Cyber threat intelligence will protect our enterprise from cybercriminals
g) A CTI system will help us avoid data breaches by checking all the suspicious domains or IP addresses that are trying to communicate with our systems
h) Cyber threat intelligence shares crucial cybersecurity practices and information with our organization
i) CTI will provide us with an in-depth analysis of every cyber threat; thus, a CTI system will help our organization analyze the different techniques that cybercriminals can use
j) Ability to collect and analyze a large amount of contextual data
k) Improved detection of advanced persistent threats (APTs) and the ability to prioritize based on the risk posed to the organization
l) Bringing our organization peace of mind through a proactive cybersecurity policy
m) Building the framework to constantly adapt to and protect against new cyber threats as they are developed
n) Monitoring of network access, security, and risk
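As an added example (not part of the original slides), the following Python script shows the IOC check described in items e) and g) above together with the corroboration rule for open-source information from the sources section: constructed outbound-connection log lines are matched against a constructed threat feed, and a hit backed by only a single open source is flagged for analyst review instead of being treated as confirmed. All indicators, feed names and log lines are made up (TEST-NET addresses and reserved domains).

```python
import re

# Constructed threat-intelligence feed: indicator -> set of sources that
# reported it. Addresses are from documentation ranges and the domain uses a
# reserved TLD, so none of these are real indicators.
FEED = {
    "203.0.113.45": {"public-feed-a"},                   # one open source only
    "198.51.100.7": {"public-feed-a", "public-feed-b"},  # two open sources
    "bad-c2.example": {"vendor-private"},                # one closed source
}
# Closed sources (paid vendor feed, ISA partner data) are assessed as reliable;
# open sources are not, so they must corroborate each other.
CLOSED_SOURCES = {"vendor-private"}

# Constructed outbound-connection log lines in key=value form.
LOGS = [
    "ts=2024-05-01T10:00:00Z src=10.0.0.5 dst=203.0.113.45 host=- action=allow",
    "ts=2024-05-01T10:00:03Z src=10.0.0.8 dst=192.0.2.10 host=bad-c2.example action=allow",
    "ts=2024-05-01T10:00:09Z src=10.0.0.5 dst=198.51.100.7 host=- action=deny",
    "ts=2024-05-01T10:01:00Z src=10.0.0.9 dst=192.0.2.77 host=intranet.example action=allow",
]

FIELD = re.compile(r"(\w+)=(\S+)")


def assess(sources, closed_sources=CLOSED_SOURCES):
    """Confidence rule: a closed-source report, or at least two independent
    open sources, counts as corroborated; a lone open-source report is sent
    to an analyst to rule out a false positive."""
    if sources & closed_sources or len(sources) >= 2:
        return "corroborated"
    return "needs-corroboration"


def match_iocs(log_lines, feed=FEED, closed_sources=CLOSED_SOURCES):
    """Return one hit per log line whose destination IP or hostname is a
    known indicator, with the confidence derived from its reporting sources."""
    hits = []
    for line in log_lines:
        fields = dict(FIELD.findall(line))
        for key in ("dst", "host"):
            value = fields.get(key)
            if value in feed:
                hits.append({"ts": fields.get("ts"), "src": fields.get("src"),
                             "indicator": value,
                             "confidence": assess(feed[value], closed_sources)})
    return hits


if __name__ == "__main__":
    for hit in match_iocs(LOGS):
        print(hit)
```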
Cyber Threat Intelligence Reports
• Reports that describe the members of Advanced Persistent Threat (APT) groups or any other cyber threat, how they work and how to recognize their tactics, techniques and procedures
• Cyber threat intelligence reports also cover vulnerabilities of specific organizational technologies, such as email, sandboxes and mobile devices
• With access to such details, cyber security experts can build better defenses against these APT groups and advanced cyber attacks