By Jake Munroe of Recorded Future. Source: Recorded Future website. Published: February 4, 2022. Retrieved: March 7, 2022.
Jake Munroe lists some uses of threat intelligence on the three layers as identified in a-5.7-Threat-intelligence:
Strategic:
- setting priorities and making informed security architecture and budget decisions
- focussing your threat intelligence programme in line with the organization's strategy, by defining and tracking Priority Intelligence Requirements [1]
- heightened awareness of relevant emerging threats, TTPs [2], and threat groups
Tactical:
- integrating Indicators of Compromise (IoCs) into security tools to enable contextual intelligence
- using detection rulesets from hunting packages on threat actors and malware
Operational:
- better understanding of specific attacks and the relationships between threat actors, indicators, and TTPs
- mapping threat intelligence to common frameworks like MITRE ATT&CK to classify behaviors, assess security gaps, and share intelligence with the cybersecurity community
1. An agreement to prioritize certain information collected and processed over others because of the organization’s critical need for this data. – source
2. Tactics, techniques and procedures (TTPs) are the “patterns of activities or methods associated with a specific threat actor or group of threat actors.” – source