Threat Intelligence Research
Threat research is a counterintelligence effort in which security companies and researchers attempt to discover the tactics, techniques, and procedures (TTPs) of threat actors.
- 3 main forms:
  - Behavioral Threat Research
    - Narrative commentary describing:
      - examples of attacks and tactics
      - TTPs gathered through primary research sources
  - Reputational Threat Intelligence
    - Blocklists of known threat sources, such as malware signatures, IP address ranges, and DNS domains
  - Threat Data
    - Computer data that can correlate:
      - events observed on a customer's own networks and logs
      - with known TTP and threat actor indicators
    - can be packaged as feeds that integrate with a SIEM
    - usually called cyber threat intelligence (CTI) data
- Threat intelligence: the process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources
- Threat data on its own is not a complete security solution
  - it must be correlated with events observed on the customer's own networks and logs
  - that correlation is often powered by AI/analytics in a SIEM
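Added example (not from the notes or any vendor): a small correlation engine that loads a reputational feed of the three indicator kinds listed above (file hash as the malware signature, IP address range, DNS domain), sanity-checks it, and matches it against log events of the kind a SIEM would hold. The feed format, the key=value log format, the actor/tag labels, and the sample data are all constructed for this example; the internal ranges rejected from the feed are assumed to be the customer's own address space.

```python
"""Correlate a reputational threat feed with observed log events (added example)."""
import ipaddress
import re

# Constructed feed. Values are documentation ranges / made-up hashes; actor and tag
# labels are invented. The 10.0.0.0/8 entry models a sloppy feed that lists the
# customer's own address space, which would flag every internal host.
SAMPLE_FEED = [
    {"type": "ipv4-net", "value": "203.0.113.0/24", "actor": "ACTOR-A", "tag": "c2"},
    {"type": "domain", "value": "update.example.net", "actor": "ACTOR-A", "tag": "c2"},
    {"type": "sha256", "value": "ab" * 32, "actor": "ACTOR-B", "tag": "dropper"},
    {"type": "ipv4-net", "value": "10.0.0.0/8", "actor": "?", "tag": "bad-entry"},
]

# Assumed internal address space; anything in a feed that overlaps it is rejected.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed log events: firewall, DNS and endpoint sources in a key=value style.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z fw src=10.0.0.5 dst=203.0.113.44 dport=443 action=allow
2024-05-01T10:00:02Z dns client=10.0.0.5 query=beacon.update.example.net rcode=NOERROR
2024-05-01T10:00:03Z edr host=WS01 sha256={h} path=C:\\Users\\a\\x.exe
2024-05-01T10:00:04Z fw src=10.0.0.6 dst=198.51.100.9 dport=80 action=allow
2024-05-01T10:00:05Z dns client=10.0.0.6 query=example.net rcode=NOERROR
""".format(h="ab" * 32)


class ThreatIndex:
    """Indexes feed entries by kind so each log field can be looked up cheaply."""

    def __init__(self, feed):
        self.nets, self.domains, self.hashes, self.rejected = [], {}, {}, []
        for e in feed:
            if e["type"] == "ipv4-net":
                net = ipaddress.ip_network(e["value"], strict=False)
                if any(net.overlaps(r) for r in INTERNAL_RANGES):
                    self.rejected.append(e)  # feed hygiene: never blocklist yourself
                    continue
                self.nets.append((net, e))
            elif e["type"] == "domain":
                self.domains[e["value"].lower().rstrip(".")] = e
            elif e["type"] == "sha256":
                self.hashes[e["value"].lower()] = e

    def match_ip(self, text):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            return None
        return next((e for net, e in self.nets if ip in net), None)

    def match_domain(self, name):
        # A listed domain also covers its subdomains, but not its parent:
        # "beacon.update.example.net" matches, "example.net" does not.
        parts = name.lower().rstrip(".").split(".")
        for i in range(len(parts)):
            e = self.domains.get(".".join(parts[i:]))
            if e:
                return e
        return None

    def match_hash(self, digest):
        return self.hashes.get(digest.lower())


KV = re.compile(r"(\w+)=(\S+)")
CHECKS = [(("src", "dst", "client"), "match_ip"),
          (("query",), "match_domain"),
          (("sha256",), "match_hash")]


def parse_line(line):
    ts, source, rest = line.split(" ", 2)
    return {"ts": ts, "source": source, **dict(KV.findall(rest))}


def correlate(log_text, index):
    """Return one hit per (event field, indicator) pair, keeping the observing host."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse_line(line)
        observer = ev.get("src") or ev.get("client") or ev.get("host")
        for fields, method in CHECKS:
            for f in fields:
                entry = getattr(index, method)(ev[f]) if f in ev else None
                if entry:
                    hits.append({"ts": ev["ts"], "source": ev["source"], "host": observer,
                                 "field": f, "value": ev[f], "indicator": entry["value"],
                                 "actor": entry["actor"], "tag": entry["tag"]})
    return hits


def hits_by_host(hits):
    """Pivot so an analyst sees every indicator a single internal host touched."""
    grouped = {}
    for h in hits:
        grouped.setdefault(h["host"], []).append(h)
    return grouped


if __name__ == "__main__":
    idx = ThreatIndex(SAMPLE_FEED)
    for host, hs in hits_by_host(correlate(SAMPLE_LOGS, idx)).items():
        print(host, [(h["source"], h["field"], h["actor"], h["tag"]) for h in hs])
```

Run stand-alone it groups the hits per internal host, so 10.0.0.5 shows both a firewall connection into the listed range and a DNS lookup under the listed domain from the same actor, while the rejected 10.0.0.0/8 entry never fires. That grouping is the point of the notes' "correlate with observed data" bullet: a single indicator match is a lead, several from different log sources on one host is something to act on.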