Cyber Threat Intelligence (CTI) Life Cycle
Cyber threat
intelligence (CTI) is defined as knowledge about threats and the
intentions and methods behind them, which is collected, analyzed and
disseminated in ways that help security and business staff at all levels to
protect the most critical assets of the organization. The primary purpose of
CTI is to gather intelligence about the threats that pose a higher risk to
the organization and help management take preventive measures to
mitigate those risks.
CTI Life cycle
The CTI life cycle is an iterative process describing the collection
of raw data and its conversion into useful intelligence. The first stage in
this process is planning and direction. A
traditional CTI life cycle consists of six steps.
1. Planning and direction
The first stage in the CTI life cycle is about setting your goals
according to the core values of the organization and planning for the ways in which
adversaries might target your organization. The most valuable assets, such as
credit card and financial account data and confidential business information, must
be prioritized accordingly.
2. Collection
The collection stage involves gathering data from various sources
such as honeypots and scanners on the network. Data may include malicious IP
addresses, personal data of the customers, or texts from social media.
3. Processing
In the processing stage, data is stored, organized, and
converted into useful information. Nowadays, organizations receive terabytes of
data. It is not humanly possible to process such a large amount of data. Therefore,
organizations implement SIEM solutions to make the process easy and efficient.
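The collection and processing stages above, sketched as an added example (not code from the original page): raw honeypot and scanner records are validated, filtered, deduplicated and organized into one record per IP address, the kind of normalization a SIEM automates at scale. The sample data, the two log formats and the use of RFC 1918 ranges as the "internal" address space are assumptions.

```python
import ipaddress
import re

# Constructed sample data (not from the original page): a honeypot log and a scanner export.
HONEYPOT_LOG = """\
2024-05-01T10:02:11Z ssh login failed src=203.0.113.45 user=root
2024-05-01T10:02:15Z ssh login failed src=203.0.113.45 user=admin
2024-05-01T11:40:03Z telnet connect src=198.51.100.7
2024-05-01T12:00:00Z ssh login failed src=10.0.0.12 user=test
2024-05-01T12:05:09Z http probe src=999.1.1.1 path=/admin
"""
SCANNER_CSV = """\
2024-05-02T08:15:00Z,198.51.100.7,open-proxy
2024-05-02T08:16:30Z,192.0.2.200,c2-beacon
"""
# Assumption: RFC 1918 ranges stand in for the organization's own address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def collect():
    """Collection: yield (timestamp, raw_ip, source) from both raw feeds."""
    for line in HONEYPOT_LOG.splitlines():
        match = IP_RE.search(line)
        if match:
            yield line.split()[0], match.group(), "honeypot"
    for line in SCANNER_CSV.splitlines():
        timestamp, raw_ip, _tag = line.split(",")
        yield timestamp, raw_ip, "scanner"

def process(records):
    """Processing: validate, filter, deduplicate and organize observations."""
    indicators = {}
    for timestamp, raw_ip, source in records:
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        if any(ip in net for net in INTERNAL_NETS):
            continue  # internal host, not an external indicator
        entry = indicators.setdefault(str(ip), {
            "sources": set(), "count": 0, "first_seen": timestamp, "last_seen": timestamp})
        entry["sources"].add(source)
        entry["count"] += 1
        # ISO 8601 UTC timestamps in one format compare correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], timestamp)
        entry["last_seen"] = max(entry["last_seen"], timestamp)
    return indicators

if __name__ == "__main__":
    print(process(collect()))
```

An address reported by more than one source (here 198.51.100.7) is the kind of corroborated record the analysis stage can prioritize.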
4. Analysis
In this stage, threat information is analyzed, interpreted, and
converted into actionable threat intelligence. Important decisions regarding
the further investigation of a potential threat or actions required to prevent
a cyber-attack are taken based on this intelligence.
5. Dissemination
Different audiences have different preferences for how often and
in what form they receive threat intelligence. In this stage, the intelligence
output is presented to the right people at the right time. This stage also
involves keeping track of previous stages so that continuity remains intact.
6. Feedback
Feedback is the last but crucial stage. In this stage, the specific
teams that initially made the threat intelligence request review the final product
and determine whether it meets their requirements.