Why should I care about cyber threat intelligence?
In this article you'll learn about
- Concept of cyber threat intelligence
- Automation of cyber threat intelligence
- Useful integrations of threat intelligence
Isn't it enough that I have firewalls in place and make sure my personnel are advised on how to avoid viruses attacking their computers? I also have a computer emergency response team ready to help if something bad happens.
To these questions you could easily pose a counter-question: Wouldn't it be even better if you could decrease the number of vulnerable services and get your personnel working on something more productive than fixing issues?
With cyber threat intelligence you can actually do that. You can decrease the number of issues when you are aware of the cyber threats around you, and you can take action to fix your weak spots before anyone attacks your network. Often, it is much easier to fix issues proactively than to react only after an attack, when wider damage has already taken place.
To get the most benefit from cyber threat intelligence, the best solution is often to automate it. This way you do not need to engage your people in trying to understand all the possible threat information that is available all over the internet.
To automate threat intelligence, you first select a tool to help you with that. Then you decide which threat information sources you want to activate. Often a national cyber security center or a similar official body offers a qualified cyber threat feed that you can take into use. You can also start with open source feeds that offer quality information free of charge, such as ShadowServer.
Once you have the cyber threat intelligence flow in place, the next thing is to act on the received information. It is good practice to follow up on new threats as soon as your system notifies you of them and to make the necessary fixes at your earliest convenience.
You could make your flow even more robust by integrating your cyber threat intelligence software with your existing cyber security tools, such as security information and event management (SIEM) systems or ticketing tools. One of the most useful integrations is to deploy a security sensor that automatically uses the latest cyber threat information to monitor your outgoing traffic and alerts you if any malware URLs or criminal command and control servers are spotted.
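As a sketch of what such a sensor does with feed data, the following added example (not code from any product or feed provider) matches outgoing requests against domain, IP and URL indicators. The feed layout, the proxy log layout and every value in them are constructed assumptions.

```python
import csv
from urllib.parse import urlsplit

# Constructed feed rows (type, value) using reserved test names and addresses.
FEED_CSV = """type,value
domain,malware-host.test
ip,203.0.113.45
url,http://downloads.example/files/update.exe
"""
# Constructed outbound proxy log: timestamp, internal source, requested URL.
PROXY_LOG = """2024-01-01T10:00:05Z 10.0.0.17 http://cdn.malware-host.test/payload.bin
2024-01-01T10:00:09Z 10.0.0.23 http://203.0.113.45:8080/gate.php
2024-01-01T10:00:12Z 10.0.0.12 http://Downloads.example/files/update.exe?v=2
2024-01-01T10:00:15Z 10.0.0.31 http://notmalware-host.test/index.html
"""

def bare_url(url):
    # Scheme, lower-cased host[:port] and path; query and fragment dropped.
    parts = urlsplit(url.strip())
    return f"{parts.scheme}://{parts.netloc.lower()}{parts.path}"

def load_indicators(feed_text):
    # Group feed rows by type, normalised the same way requests are.
    indicators = {"domain": set(), "ip": set(), "url": set()}
    for row in csv.DictReader(feed_text.splitlines()):
        kind, value = row["type"].strip().lower(), row["value"].strip()
        if kind in indicators:
            indicators[kind].add(bare_url(value) if kind == "url" else value.lower())
    return indicators

def match_request(url, indicators):
    # Return (type, indicator) for the first hit, or None.
    host = urlsplit(url).hostname or ""  # urlsplit lower-cases hostname
    if host in indicators["ip"]:
        return ("ip", host)
    for domain in sorted(indicators["domain"]):
        # A listed domain covers its subdomains but not look-alike names.
        if host == domain or host.endswith("." + domain):
            return ("domain", domain)
    bare = bare_url(url)
    return ("url", bare) if bare in indicators["url"] else None

def scan_outbound(log_text, indicators):
    alerts = []
    for line in log_text.splitlines():
        timestamp, source, url = line.split(maxsplit=2)
        if (hit := match_request(url, indicators)):
            alerts.append((timestamp, source, hit))
    return alerts
```

Calling `scan_outbound(PROXY_LOG, load_indicators(FEED_CSV))` flags the first three requests and leaves the look-alike host `notmalware-host.test` alone, because domain indicators only match on a label boundary.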
See it now? Ultimately, an automated cyber threat intelligence process helps you not only decrease the number of issues but also see the big picture of your cyber situation and stay on top of it.