THREAT INTELLIGENCE & INFOSHARING: THE BUSINESS ISSUE
The cyber threat landscape is growing rapidly, and organizations, both public and private, face increasingly complex and numerous attacks. In this scenario, Cyber Threat Intelligence (CTI) is an essential part of risk management: it enables a greater understanding of the threats that are occurring and those that are being prepared, and it gathers the information needed to prevent, identify and mitigate attacks in order to minimize their impact.
But Cyber Threat Intelligence can no longer be limited to the corporate sphere: the notion of Cyber Intelligence is increasingly joined by that of Cyber Infosharing, the ability of different players (industries, financial services companies, public or private actors) to share intelligence capabilities and IoCs to create a common awareness and ability to respond to cyber risk, especially for threat prevention purposes.
For Cyber Threat Intelligence & Infosharing to be effective, two factors are key: the relevance of the information, which must be rapidly available, complete and reliable, and its interoperability, which must be supported by the standardization of CTI information according to specific formats (e.g. STIX, TAXII).
• Document Analysis
• Management of meta-information
• Observable collection
• On-demand acquisition
• Correlation between feed information and observables
OBSERVABLE & IoC
• Observables/feeds correlation
• Promotion to IoC
• STIX editor
• TAXII Sharing
• Research on documents
• Information Export
INCIDENT MANAGEMENT WORKFLOW CREATION
AUTOMATED DOCUMENT ANALYSIS AND OBSERVABLE EXTRACTION
INCIDENT ENRICHMENT & FEED CORRELATION
This provides the intelligence team with all the information they need to assess and take action on the incident.