Light Dark
September 14, 2018 By Paola Miranda 3 min read
Threat Intelligence
Intelligence & Analytics
Incident Response

“Offense wins games, but defense wins championships.” You’ve probably heard this old adage with respect to professional sports, but the proverb can also shed light on the importance of threat intelligence in cybersecurity operations, where weak defense can result in much more costly repercussions than a home run by the opposing team.

When it comes to protecting your organization, a security operations center (SOC), like a good baseball team, needs a strong defense to prevent attackers from scoring, predict the offense’s next move and proactively hunt for threats. To do so, security teams need to understand the different types of threat intelligence and the value that each contributes to the decision-making process at different levels of the enterprise.

Make Your Draft Picks

All SOCs are not created equal. They come in different shapes and sizes, but they all share the goals of protecting their organization and fighting malicious actors. The right threat intelligence at the right time empowers your team to block attacks in real time and helps mitigate the risk of attackers affecting your brand and reputation. So how do you choose the right threat intelligence for your organization?

Right off the bat, the threat intelligence landscape is complex. Offerings are plentiful and confusing, and there are many variables unique to your organization and industry that you should consider. Without clear goals and objectives, the task may seem daunting, but it can be simplified once you understand how to maximize the three types of threat intelligence: tactical, operational and strategic. Let’s dive in to each type so you can begin formulating a winning threat intelligence strategy that covers all your bases.

Defend Against Stolen Bases With Tactical Intelligence

Numerous external and internal threats expose your organization to threats on a day-to-day basis. Some of these turn out to be false positives while others turn into successful attacks. Without proper context, the vast amount of information available to your team to monitor threats can be overwhelming, and too many false positives can fatigue your analysts and cloud their judgment to identify real threats.

Tactical threat intelligence is technical data obtained from daily monitoring and analysis. This helps your security team detect and prevent unknown attacks. With this type of intelligence, analysts can better differentiate between potential threats by using indicators of compromise (IoCs) such as IP addresses, URLs and hashes. Tactical threat intelligence empowers your SOC to make immediate decisions to act against real-time threats that pose a significant risk to your organization.

Throw a Curveball at Attackers With Operational Intelligence

With repetition and practice, professional athletes improve on their game. The same is true for your security team. With experience, analysts can develop the skill of identifying threat patterns and attacker methodologies to proactively hunt for threats, leading to a stronger defense and more effective incident response.

Operational threat intelligence is a combination of technical data and profound analysis of threat groups, malware families, and tactics, techniques and procedures (TTPs). This type of threat intelligence will help your organization make better day-to-day decisions on task prioritization, threat mitigation and resource allocation.

Three Strikes, You’re Out With Strategic Intelligence

The beauty of sitting in the nosebleed section is that you get a bird’s-eye view of the game. Strategic threat intelligence is similar in that it’s most valuable to the highest levels of your organization, and it impacts critical companywide decisions. This type of threat intelligence is a real team effort; although it’s nontechnical in nature, it typically builds on top of tactical and operational threat intelligence.

Strategic threat intelligence explains the motivations of attackers, identifies future trends and considers current geopolitical events. With this information, executives can make informed decisions to mitigate future risk by enhancing security through refined organizational structure, improved internal processes and policies, and increased spending on resources and capabilities.

Hit Your Threat Intelligence Program Out of the Park

Now that you have a basic understanding of threat intelligence and how it adds value to the decision-making process at different levels of an enterprise, you can set your goals and objectives and use them as a filter to evaluate, compare and select the right combination of threat intelligence. Every organization is unique, but with the right resources in place, your team will be ready to play in the big leagues.

Watch the on-demand webinar, “Threat Intelligence, Cover Your Bases”

 |  |  |  | 
Paola Miranda
Product Marketing Manager, IBM

More from Threat Intelligence
July 26, 2024

img test

7 min read - test imgWhat is Lorem Ipsum? Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages,…

November 6, 2023

GootBot – Gootloader’s new approach to post-exploitation

8 min read - IBM X-Force discovered a new variant of Gootloader — the "GootBot" implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims' search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2…

October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature