What are your strategic, operational, and tactical requirements for threat intelligence?

There are 3 levels of cyber threat intelligence: tactical, operational, and strategic. They progress from the micro to the macro level in terms of detail and time frame. These levels involve different goals, tasks, and results.


Tactical CTI

Tactical CTI deals with the what (IoCs, TTPs); the low-level, technical details of individual attacks and attackers. It focuses on the short term.

Tactical CTI is usually produced for the incident response (IR) team, SOC analysts, risk analysts, IT, and IT tools (e.g., SIEM, firewalls, IDS/IPS, endpoints).

Operational CTI

Operational CTI deals with the how and where (TTPs); the mid-level details of attack campaigns and attackers. It’s the middle level between tactical and strategic CTI. It’s less technical than the tactical level, but more technical than the strategic level. It focuses on the medium term.

It helps mid-level decision-makers better understand vulnerabilities, threats, and attacks, to make more informed decisions about defending the organization against specific threats.

Operational CTI is usually produced for the incident response (IR) team, network security team, SOC analysts, threat hunters, vulnerability management team, risk analysts, and managers in IT (e.g., CISO, CIO) and other areas (e.g., PR, HR, legal).

Strategic CTI

Strategic CTI deals with the who (attribution) and why (motive, intent). It deals with the high-level, big-picture details about attack trends and the threat landscape. It’s the least technical level. It focuses on the long term.

It helps senior decision-makers make more informed decisions about mitigating risks and defending the organization against general threats.

Strategic CTI is usually produced for organizational leaders (e.g., CEO, CIO, CTO, CFO, other executives) and GRC (governance, risk, and compliance) analysts.

Additional Resources

Threat intelligence is contextual information that describes threats and guides organizations in making various business decisions. It is extracted from a large collection of sources and data. It provides operational insight by looking outside the organization and issuing alerts on evolving threats to the organization. For better management of the information that is collected from different sources, it is necessary to subdivide threat intelligence into different types.

This subdivision is based on the consumers and goals of the intelligence. Based on how it is consumed, threat intelligence is divided into four types: strategic threat intelligence, tactical threat intelligence, operational threat intelligence, and technical threat intelligence.

These four types of threat intelligence differ in terms of data collection, data analysis, and intelligence consumption.

1. Strategic Threat Intelligence:

Strategic threat intelligence provides high-level information regarding cyber security posture, threats, the financial impact of various cyber activities, attack trends, and the impact of high-level business decisions. This information is consumed by high-level executives and management of the organization, such as IT management and the CISO. It helps the management identify current cyber risks, unknown future risks, threat groups, and attribution of breaches. The intelligence obtained provides a risk-based view that mainly focuses on high-level concepts of risks and their probability.

It mainly focuses on long-term issues and provides real-time alerts of threats to the organization’s critical assets such as IT infrastructure, employees, customers, and applications. This type of threat intelligence is used by the management to make strategic business decisions and to analyze the effect of such decisions. Based on the analysis, the management can allocate sufficient budget and staff to protect critical IT assets and business processes.


Strategic threat intelligence is generally in the form of a report that mainly focuses on high-level business strategies. Because of the high-level character of strategic threat intelligence, the data collection also relates to high-level sources and requires highly competent professionals to extract the intelligence. This intelligence is collected from sources such as OSINT, CTI vendors, and ISAO/ISACs.

Strategic threat intelligence helps organizations identify similar incidents that might have happened in the past, their intentions, or attribution to understand the adversaries behind an attack, why the organization is within the scope of an attack, major attack trends, and how to reduce the risk level.

Generally, strategic threat intelligence includes the following information:

The financial impact of cyber activity
Attribution for intrusions and data breaches
Threat actors and attack trends
Threat landscape for various industry sectors
Statistical information on data breaches, data theft, and malware
Geopolitical conflicts involving various cyber attacks
Information on how adversary TTPs are changing over time
Industry sectors that might be impacted due to high-level business decisions

2. Tactical Threat Intelligence:

Tactical threat intelligence plays a major role in protecting the resources of the organization. It provides information related to the TTPs used by threat actors (attackers) to perform attacks. Tactical threat intelligence is consumed by cyber security professionals such as IT service managers, security operations managers, network operations center (NOC) staff, administrators, and architects.

It helps cyber security professionals understand how the adversaries are expected to perform the attack on the organization, identify information leakage from the organization, and understand the technical capabilities and goals of the attackers along with the attack vectors. Using tactical threat intelligence, security personnel develop detection and mitigation strategies in advance by updating security products with known indicators, patching vulnerable systems, etc.

The collection sources for tactical threat intelligence include campaign reports, malware, incident reports, attack group reports, human intelligence, etc. This intelligence is generally obtained by reading white/technical papers, communicating with other organizations, or obtaining intelligence from third parties. It includes highly technical information such as malware, campaigns, techniques, and tools in the form of forensic reports.


3. Operational Threat Intelligence:

Operational threat intelligence provides information about specific threats against the organization. It provides contextual information about security events and incidents that helps defenders disclose potential risks, gain greater insight into attacker methodologies, identify past malicious activities, and investigate malicious activity more efficiently. It is consumed by security managers or heads of incident response, network defenders, security forensics, and fraud detection teams.

It helps organizations understand the possible threat actors and their intention, capability, and opportunity to attack, vulnerable IT assets, and the impact of the attack if it is successful. In several cases, only government organizations can collect this type of intelligence, which also helps IR and forensic teams deploy security assets with the aim of identifying and stopping future attacks, improving the capability of detecting attacks at an early stage, and reducing the damage to IT assets.

Operational threat intelligence is generally collected from sources such as humans, social media and chat rooms, and also from real-world activities and events that lead to cyber attacks. Operational threat intelligence is obtained by analyzing human behavior, threat groups, and so on. This information helps in predicting future attacks and therefore enhancing incident response plans and mitigation strategies as required. Operational threat intelligence is generally in the form of a report that contains known malicious activities, recommended courses of action, and warnings of emerging attacks.

4. Technical Threat Intelligence:

Technical threat intelligence provides information about an attacker’s resources that are used to perform the attack; this includes command and control channels, tools, etc. It has a shorter lifespan than tactical threat intelligence and mainly focuses on a specific IoC. It provides rapid distribution and response to threats.

For example, a piece of malware used to perform an attack is tactical threat intelligence, whereas the details related to the specific implementation of the malware come under technical threat intelligence. Other examples of technical threat intelligence include specific IP addresses and domains used by malicious endpoints, phishing email headers, hash checksums of malware, etc. Technical threat intelligence is consumed by SOC staff and IR teams.

The indicators of technical threat intelligence are collected from active campaigns, attacks that are performed on other organizations, or data feeds provided by external third parties. These indicators are generally collected as part of investigations into attacks performed on various organizations. This information helps security professionals add the identified indicators to defensive systems such as IDS/IPS, firewalls, and endpoint security systems, thereby enhancing the detection mechanisms used to identify attacks at an early stage. It also helps them identify malicious traffic and suspected IP addresses used to spread malware and spam emails. This intelligence is fed directly into the security devices in digital format to block and identify inbound and outbound malicious traffic entering the organization’s network.
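The handling described above for technical indicators (short lifespan, direct feed into firewalls, DNS filtering and endpoint tools) looks like this in code. This is an added example, not code from the original article; the retention periods, the type-to-control mapping, the protected internal range and the sample feed are assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Assumed values (not from the article): per-type retention, consuming control, protected range.
TTL = {"ip": timedelta(days=7), "domain": timedelta(days=30), "sha256": timedelta(days=365)}
SINK = {"ip": "firewall", "domain": "dns_filter", "sha256": "endpoint"}
PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]
_DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_SHA256 = re.compile(r"^[0-9a-f]{64}$")

def classify(value):
    """Return 'ip', 'sha256', 'domain', or None for anything unrecognised."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if _SHA256.match(value):
        return "sha256"
    return "domain" if _DOMAIN.match(value) else None

def build_blocklists(feed, now):
    """Split (value, last_seen ISO 8601) pairs into per-control sets plus rejects."""
    lists = {sink: set() for sink in SINK.values()}
    rejected = {}
    for raw, last_seen in feed:
        value = raw.strip().lower()
        kind = classify(value)
        if kind is None:
            rejected[raw] = "unrecognised"        # malformed entries never reach a device
        elif now - datetime.fromisoformat(last_seen) > TTL[kind]:
            rejected[raw] = "expired"             # stale indicators are aged out
        elif kind == "ip" and any(ipaddress.ip_address(value) in n for n in PROTECTED):
            rejected[raw] = "protected range"     # a feed must not block our own hosts
        else:
            lists[SINK[kind]].add(value)
    return lists, rejected

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "current" time
FEED = [  # constructed sample: documentation addresses and reserved names only
    ("192.0.2.10", "2024-05-30T12:00:00+00:00"),
    ("198.51.100.7", "2024-05-01T00:00:00+00:00"),      # older than the 7-day IP TTL
    ("10.1.2.3", "2024-05-31T00:00:00+00:00"),          # inside PROTECTED
    ("Login-Update.example", "2024-05-15T00:00:00+00:00"),
    ("ab" * 32, "2023-12-01T00:00:00+00:00"),           # constructed SHA-256 value
    ("not an indicator", "2024-05-31T00:00:00+00:00"),
]
LISTS, REJECTED = build_blocklists(FEED, NOW)
```

The rejects are returned rather than dropped so that expired or malformed feed entries can be reviewed instead of disappearing silently.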


What is strategic operational and tactical intelligence?

Strategic intelligence informs the most senior decision-makers, operational intelligence is aimed at those making day-to-day decisions and tactical intelligence is focused on units in need of instantaneous information.

What is tactical threat intelligence?

Tactical threat intelligence is evidence-based knowledge about the tactics, techniques, and procedures (TTPs) that digital adversaries use to execute cyberattacks against enterprise targets.

What are differences between tactical and strategic threat intelligence?

Strategic Intelligence: Non-technical, risk-based intelligence used by high-level decision makers. Tactical Intelligence: Details of threat actor tactics, techniques, and procedures (TTPs). Operational Intelligence: Actionable information about specific incoming attacks.

What are the 3 types of threat intelligence data?

Building an effective cyber threat intelligence program requires a comprehensive view of the threat landscape your organization is facing. Depending on why it's collected and what information it yields, the umbrella of threat intelligence can be divided into three major pillars: strategic, operational, and tactical.