How to Build a Home-Based Cyber Threat Intelligence System
What is Threat Intelligence?
Threat intelligence involves analysing evidence-based information about cyber attacks, enabling cyber security experts to identify issues contextually and create targeted solutions for the detected problems.
Rooted in data, similar to open source intelligence (OSINT), threat intelligence provides context — like who is attacking you, what their motivation and capabilities are, and what indicators of compromise (IOCs) in your systems to look for — that helps you make informed decisions about your security.
Within the topic of Cyber Threat Intelligence (CTI) there are several subtopics worth understanding; three key areas to study in relation to CTI are Indicators of Compromise, Advanced Persistent Threats and the Traffic Light Protocol.
Indicators of Compromise (IOCs)
Indicators of compromise refer to data which can indicate that an organization may have been compromised by an external actor. They are used by security teams to enrich logs in the SIEM so that, for example, if a new domain is marked as malicious by a threat intelligence provider and activity is detected between the organization and that domain, the security team is alerted and conducts an investigation.
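The enrichment step described above, as an added example that is not part of the original article: a small Python matcher that loads a threat-intelligence feed of IOCs, normalises them (domains lowercased with trailing dots stripped, IP addresses canonicalised, hashes lowercased), and checks each log event against the feed. It goes slightly beyond the text by also flagging subdomains of a listed domain, since feeds often list a parent domain while the observed traffic goes to a host under it. The feed entries, the log format (`key=value` fields after a timestamp) and every value in them are constructed for this example, not taken from any real provider.

```python
"""Match IOCs from a threat-intelligence feed against log events (added example)."""
from dataclasses import dataclass
import ipaddress
import re

# Constructed sample feed, shaped like what a threat-intelligence provider might
# publish: each indicator carries a type and a confidence score. All values are
# made up; the hash is a 64-hex-character placeholder, not a real sample.
SAMPLE_FEED = [
    {"type": "domain", "value": "update-check.example", "confidence": 90},
    {"type": "ip", "value": "203.0.113.45", "confidence": 80},
    {"type": "sha256", "value": "a" * 64, "confidence": 70},
]

# Constructed sample log lines in a simplified "timestamp source key=value..." format.
SAMPLE_LOGS = [
    "2024-01-05T10:00:01Z proxy src=10.0.0.5 dst=cdn.legit.example",
    "2024-01-05T10:00:07Z proxy src=10.0.0.8 dst=UPDATE-CHECK.example",
    "2024-01-05T10:01:13Z fw src=10.0.0.9 dst=203.0.113.45",
    "2024-01-05T10:02:22Z edr host=ws-12 hash=" + "a" * 64,
    "2024-01-05T10:03:00Z fw src=10.0.0.9 dst=198.51.100.7",
]


@dataclass(frozen=True)
class Alert:
    timestamp: str
    source_line: str
    ioc_type: str
    ioc_value: str
    confidence: int


def normalize(ioc_type, value):
    """Canonicalise an indicator so feed and log values compare reliably."""
    v = value.strip()
    if ioc_type == "domain":
        return v.lower().rstrip(".")
    if ioc_type == "ip":
        return str(ipaddress.ip_address(v))  # raises ValueError on junk feed entries
    if ioc_type == "sha256":
        return v.lower()
    raise ValueError(f"unsupported indicator type: {ioc_type}")


def build_index(feed):
    """Return {type: {normalised value: confidence}} for fast lookups."""
    index = {}
    for entry in feed:
        t = entry["type"]
        index.setdefault(t, {})[normalize(t, entry["value"])] = entry["confidence"]
    return index


FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line):
    """Split a log line into its timestamp and a dict of key=value fields."""
    ts, _, rest = line.partition(" ")
    return ts, dict(FIELD_RE.findall(rest))


def domain_matches(index, observed):
    """Return the feed domain matching `observed` exactly or as a parent domain."""
    labels = observed.split(".")
    for i in range(len(labels) - 1):  # never match on a bare top-level label
        candidate = ".".join(labels[i:])
        if candidate in index.get("domain", {}):
            return candidate
    return None


def match_logs(feed, log_lines):
    """Enrich each log line with any IOC it touches; returns a list of Alerts."""
    index = build_index(feed)
    alerts = []
    for line in log_lines:
        ts, fields = parse_log_line(line)
        dst = fields.get("dst")
        if dst:
            try:
                ip = str(ipaddress.ip_address(dst))
            except ValueError:
                ip = None  # not an IP literal, so treat it as a hostname
            if ip is not None:
                if ip in index.get("ip", {}):
                    alerts.append(Alert(ts, line, "ip", ip, index["ip"][ip]))
            else:
                hit = domain_matches(index, dst.lower().rstrip("."))
                if hit:
                    alerts.append(Alert(ts, line, "domain", hit, index["domain"][hit]))
        h = fields.get("hash")
        if h and h.lower() in index.get("sha256", {}):
            alerts.append(Alert(ts, line, "sha256", h.lower(), index["sha256"][h.lower()]))
    return alerts


if __name__ == "__main__":
    for alert in match_logs(SAMPLE_FEED, SAMPLE_LOGS):
        print(f"{alert.timestamp} {alert.ioc_type}={alert.ioc_value} "
              f"(confidence {alert.confidence}): {alert.source_line}")
```

Running it flags three of the five constructed lines: the proxy request to the listed domain (matched despite the different letter case), the firewall connection to the listed IP, and the EDR event carrying the listed hash. In a real deployment the feed would be refreshed on a schedule and the confidence score used to decide which matches page an analyst versus simply annotate the event.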
Types of IOC data include:
- IP Addresses