What is cyber intelligence?
According to CERT-UK, cyber threat intelligence (CTI) is an “elusive” concept. While cyber security comprises the recruitment of IT security experts, and the deployment of technical means, to protect an organization’s critical infrastructure, or intellectual property, CTI is based on the collection of intelligence using open source intelligence (OSINT), social media intelligence (SOCMINT), human Intelligence (HUMINT) or intelligence from the deep and dark web. CTI’s key mission is to research and analyze trends and technical developments in three areas:
Cyber espionage (advanced persistent threat or APT)
Those accumulated data based on research and analysis enable states to come up with preventive measures in advance. Considering the seriousness impacts of cyber threats, CTI has been raised as a(n) efficient solution to maintain international security.
From Wikipedia, the free encyclopedia
Why does this matter?
So the idea behind cyber intelligence is to understand the intent of the adversary in order to develop better strategies for dealing with them, including whether to be offensive, defensive or both. This cyber intelligence is provided in the form of intelligence products that result from collecting, evaluating and interpreting available data concerning known cyber attacks and their surroundings activities. It is important to remember that cyber intelligence is just that intelligence not fact. It is the best educated guess at what your adversary may do based on the data available. The larger the pool of data, the better the analytical abilities and the more effective the countermeasures may only serve to delay, deflect or disengage the adversaries.
What cyber intelligence sources do you rely on?