Cyber threat intelligence (TI), defined as data that offers insight into a threat actor’s motives, targets, and behaviours, has soared in popularity in recent years.
These factors have contributed to a TI boom where subscription data feeds proliferate.
In this environment, purchase of TI tooling and subscriptions to data feeds are more popular than ever, as more organisations seek to anticipate and defend against the latest offensive techniques and tooling, and react to the latest vulnerability disclosures.
While most TI subscriptions rely on the sheer volume of data as an indication of value, an experienced operator knows that the amount of truly actionable TI is small, and that ‘noisy’ data feeds can impair operations.
The utilisation of TI in principle enables an organisation to move from reactive to proactive security, promising foresight to global threats posed by advanced cyber attackers. However, organisations should not regard TI as a silver-bullet solution.