Threat Intelligence
There are several categories of threat intelligence.
https://info-savvy.com/types-of-threat-intelligence/

Technical Threat Intelligence

Technical cyber intelligence involves collecting information about the attacker's resources, such as command & control channels and tools. It focuses on technical clues that indicate cybersecurity threats, for example phishing emails and malicious URLs. The goal is to collect information on specific IOCs (IP addresses, phishing email headers, hash checksums).

This type of threat intelligence is important because it allows for the analysis of attacks. However, its value is short-lived because hackers often change tactics, so it is crucial to detect and analyze IOCs at the right time.

Tactical intelligence is used by SOC team members. The information obtained here leads to new rules being written into the organization's current security products (IDS/IPS, firewalls, endpoint security systems, etc.). Suspicious IPs may also be detected from spam emails. The information obtained is directly fed back into the organization's products. ...
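The short shelf life of IOCs and their path into product rules, as an added example that is not part of the original page: it drops expired, malformed and internal indicators before rendering the remaining IPs as Suricata rules. The TTL values, internal ranges, feed layout and function names are assumptions, and the feed entries are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed shelf life per IOC type (illustrative, tune to your own feed quality).
TTL = {"ip": timedelta(days=14), "url": timedelta(days=30), "sha256": timedelta(days=365)}
# Assumed internal ranges that must never end up in a detection or block rule.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample feed: (type, value, last_seen in UTC).
FEED = [
    ("ip", "203.0.113.45", "2024-05-28T10:00:00+00:00"),
    ("ip", "203.0.113.45", "2024-05-29T09:00:00+00:00"),  # duplicate, newer sighting
    ("ip", "198.51.100.7", "2024-03-01T08:30:00+00:00"),  # older than the IP TTL
    ("ip", "10.1.2.3", "2024-05-30T00:00:00+00:00"),      # internal address
    ("ip", "not-an-ip", "2024-05-30T00:00:00+00:00"),     # malformed value
    ("url", "http://login.example.test/reset", "2024-05-20T12:00:00+00:00"),
]

def reject_reason(kind, value, last_seen, now):
    """Return why an indicator must not become a rule, or None if it is usable."""
    if kind not in TTL:
        return "unknown type"
    if kind == "ip":
        try:
            addr = ip_address(value)
        except ValueError:
            return "malformed"
        if any(addr in net for net in INTERNAL):
            return "internal"
    if now - last_seen > TTL[kind]:
        return "expired"

def triage(feed, now):
    """Split a feed into active indicators ((type, value) -> last_seen) and rejects."""
    active, rejected = {}, []
    for kind, value, seen in feed:
        last_seen = datetime.fromisoformat(seen)
        reason = reject_reason(kind, value, last_seen, now)
        if reason:
            rejected.append((value, reason))
        else:
            active[(kind, value)] = max(active.get((kind, value), last_seen), last_seen)
    return active, rejected

def suricata_ip_rules(active, first_sid=1000001):
    """Render active IP indicators as Suricata alert rules in the local SID range."""
    ips = sorted(value for (kind, value) in active if kind == "ip")
    return [f'alert ip $HOME_NET any -> {ip} any (msg:"TI IOC outbound to {ip}"; sid:{first_sid + i}; rev:1;)'
            for i, ip in enumerate(ips)]
```

Call triage(FEED, now) with a timezone-aware UTC datetime for now, then pass the active result to suricata_ip_rules; the rejected list is worth logging so expired rules are removed from the product as well.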