What does “cyber threat intelligence” mean? ;LA ik Yf Y\nYfce\ hrocekk thYt efYbdek the or_YfirYtiof to _Yther nYdmYbde ifki_htk bYke\ of the YfYdykik of cofteptmYd Yf\ kitmYtiofYd rikck Yf\ cYf be tYidore\ to the or_YfirYtiofËk kheciÔc threYt dYf\kcYhe$ itk if\mktry Yf\ mYrcetk& The process manages the collection, analysis, integration and production of previously disjointed information for the purpose of extracting holistic, evidence-based insights 36% regarding an organization’s unique threat landscape. This intelligence can make a signiÕcant of GISS respondents do not have a difference to the organization’s ability to anticipate breaches before they occur, and its threat intelligence program ability to respond quickly, decisively and effectively to conÕrmed breaches — proactively maneuvering defense mechanisms into place, prior to and during the attack. CTI focuses on identifying and analyzing the motivations, methods, capabilities and tools of adversaries who may seek to target an organization by pairing external analysis with data that was once segmented within the enterprise. While some organizations may choose to deÕne CTI as solely a component or input driven service, it is important to note that a process based intelligence life cycle within an operational framework is required to deliver actionable results. Accordingly, a holistic CTI program consisting of processes for collecting, producing and disseminating tactical and strategic intelligence, continually augmented with timely situational awareness updates (also known as “current intelligence”), is required. This helps explain who the relevant adversary is, how and why they may be attacking the organization, what actions they could take following the initial compromise, where they may reside within the organization, and how to detect or respond to an attack. EY’s approach to cyber threat intelligence s e c ur Tactical intelligence Strategic intelligence Current intelligence o Intelligence reporting portals Indicator repositories • Social media analysis l and s • • e a Threat intelligence platform Indicator feeds and communities • Deep/dark web analysis z • • Visualization tools Analysis platforms • Open source (OSINT) analysis • • echnic Open source (OSINT) analysis T • ollect and analy Security Threat metrics and trending analysis Business Early warning operations support alignment Attack campaigns 1) C • Social media Indicator collection Research, reporting and assessments Risk assessments • • • Geopolitical events Kill chain analysis Prioritization • unctions • • F Threat modeling Emerging capabilities Hunting support Decision support • • • EY’s cybersecurity capabilities EY’s business resources External e Information at Security Incident Vulnerability Attack and Active High value Business Industry Regional sharing gr monitoring response management penetration Defense asset SMRs SMRs SMRs partners and e protection industry innovation 2) Int alliances @oo \o yom Ôf\ the crimifYdk before they commit the cybercrime? — A close look at cyber threat intelligence | 3