Cyber threat intelligence (CTI) is a top priority in the 2019 National Intelligence Strategy produced by the ODNI (Office of the Director of National Intelligence).
The report raises many concerns around growing risks with emerging technologies like AI and nanotech, along with the rise of more technically advanced adversaries.
Specifically, the ODNI's mission around CTI is to "detect and understand cyber threats from state and non-state actors engaged in malicious cyber activity to inform and enable national security decision making, cybersecurity, and the full range of response activities."
Sounds a lot like what the security industry already provides with commercial CTI services and platforms that are available to both the government and private sector.
SANS defines CTI (per the SANS CTI FOR578 course description) as "the collection, classification and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence - [that] gives network defenders information superiority that can be used to reduce the adversary's likelihood of success with each subsequent intrusion attempt."
The ODNI report defines CTI as "the collection, processing, analysis, and dissemination of information from all sources of intelligence on foreign actors' cyber programs, intentions, capabilities, research and development, tactics, targets, operational activities and indicators, and their impact or potential effects on U.S. national security interests. Cyber threat intelligence also includes information on cyber threat actor information systems, infrastructure, and data; and network characterization, or insight into the components, structures, use, and vulnerabilities of foreign cyber program information systems."
SANS surveys on CTI from 2018 and 2019 (available on February 5; registration required for both resources) show that most organizations are adopting CTI and integrating it into security operations for detection and response.
But unlike the ODNI, most businesses don't have the intelligence operatives to sift through and analyze the data. That's why our 2018 CTI survey saw growth in organizations using CTI platforms rather than trying to wing it with their own APIs and collectors.
Based on our surveys, CTI is improving respondents' prevention, detection and response capabilities. In 2018 and 2019, 81% of respondents affirmed that CTI is helping, compared to 78% in 2017 and 64% in 2016.
What's improving in 2019, and how are businesses operationalizing and using CTI data? More organizations are consuming CTI (especially in the form of finalized intelligence reports) and integrating it into their defensive mechanisms, according to results from our 2019 survey to be released on February 5. Our 2019 survey respondents report that CTI is improving:
- Visibility into threats and attack methodologies
- Visibility into vulnerabilities and where to implement new security measures
- Ability to prioritize efforts and resource utilization
- Accuracy of risk analysis
Tune in to our 2019 CTI Survey Results webcasts on February 5 and 7 with SANS instructors and survey authors Robert M. Lee and Rebekah Brown.
Register for Part 1 here: www.sans.org/webcasts/108905
Link to Part 2 here: www.sans.org/webcasts/108910