What Is Cyber Threat Intelligence
In order to perform threat hunting, it is especially important to have at least a basic understanding of the main cyber threat intelligence concepts. The objective of this chapter is to help you become familiar with the concepts and terminology that are going to be used throughout this guide.
In this chapter, we are going to cover the following topics:
• Cyber threat intelligence
• The intelligence cycle
• Defining your intelligence requirements
• The collection process
• Processing and exploitation
• Bias and analysis
Let's get started!
Cyber threat intelligence
It is not the goal of this book to deep dive into complex issues surrounding the different definitions of intelligence and the multiple aspects of intelligence theory. This chapter is meant to be an introduction to the intelligence process so that you understand what cyber threat intelligence (CTI) is and how it is done, before we cover CTI-driven and data-driven threat hunting. If you think you are well-versed in this matter, you can proceed straight to the next chapter.
If we want to discuss the roots of the intelligence discipline, we could probably go back as far as the 19th century, when the first military intelligence departments were founded. We could even argue that the practice of intelligence is as old as warfare itself, and that the history of humanity is full of espionage stories as a result of needing to have the upper hand over the enemy.
It has been stated over and over that in order to have a military advantage, we must be capable not only of understanding ourselves, but also the enemy: how do they think? How many resources do they have? What forces do they have? What is their ultimate goal?
This military need, especially during the two World Wars, led to the growth and evolution of the intelligence field as we know it. Several books and papers have been written about the craft of intelligence, and I sincerely encourage anyone interested in the matter to visit the Intelligence Literature section of the CIA Library (https://www.cia.gov/library/intelligence-literature), where you can find several interesting lectures on the subject.
The definition of intelligence has been under academic discussion among people better-versed in the matter than me for more than two decades. Unfortunately, there is no consensus over the definition of the intelligence practice. In fact, there are those who defend the view that the intelligence craft is something that can be described, but not defined. In this book, we are going to detach ourselves from such pessimistic views and offer the definition proposed by Allan Breakspear in his paper A New Definition of Intelligence (2012) as a reference: "Intelligence is a corporate capability to forecast change in time to do something about it. The capability involves foresight and insight, and is intended to identify impending change, which may be positive, representing opportunity, or negative, representing threat."