Cyber threat intelligence (CTI) is very important to a country’s security. So what is cyber threat intelligence? CTI is what information collected on cyber threats becomes after it has been collected, evaluated in the context of where it came from and how reliable it is, and analyzed by experts. Like all intelligence, CTI adds value to the information gathered on any threats on cyber security, something that eliminates any doubt on the accuracy of the intelligence. Other than that, CTI helps those who the information is relevant to identify threats and opportunities. To produce accurate, timely, and relevant intelligence, analysts must identify similarities and differences in massive quantities of information and also detect any deception in it.

Analysis in CTI depends on three main factors. These factors include the individuals posing the threat, their intentions, and their capabilities. The analysts also consider the tactics used by those individuals, their techniques, procedures they follow, what motivates them, and if they can access their intended target. After looking into these factors, analysts are able to come up with strategic, operational, and tactical assessments that are informed.

To come up with informed strategies, strategic intelligence analysis is carried out. Here, small bits of information are assessed to form integrated views. These views are shared with policy and decision makers to inform them on existing and potential issues, and/or warns them early enough on threats. Strategic cyber threat intelligence reveals the actors, tools, tactics, techniques, and motives behind a threat. It does this by identifying the trends, patterns, and emerging risks and threats; therefore, providing timely warnings or informing decision and policy makers.

Analysts who have specialized in operational intelligence assess specific, potential incidents related to activities, investigations, and/or events. By doing this, they are able to give advise that will provide support and guidance to those responsible with responding to the threat. These analysts provide intelligence that is highly specialized and technically-focused relating to the tools, malware, and campaigns to their response teams.

Other than assessing activities, investigations, and real-time events, tactical intelligence analysts also provide day-to-day operational support. One of the important duties they carry out to support day-to-day operations and events is developing signatures and indicators of compromise. In carrying out their duties, tactical intelligence analysts usually apply advanced analysis techniques together with some traditional ones.

CTI has, is, and will remain critical to every level of territorial, tribal, local, and state governments. It benefits those in the field, such as law enforcement officers and information technology specialists, policy makers, police chiefs, Chief Information Security Officers, and senior executives.