Cyber threat intelligence (CTI) has been widely acknowledged as an essential component of cyber risk management and cyber defence programs. Numerous organizations rely on open-source and commercial threat feeds to improve incident response and threat hunting operations, and inform resource allocation. Yet, the value of external CTI can be restricted by the quality, reliability, or relevance of the information.
This paper examines:
- Why security teams should look beyond secondary threat data to implement a CTI program that aligns with the organization’s specific environment and threat model;
- How malware and phishing alerts can be transformed into a valuable source for the generation of proprietary threat intelligence;
- Which automation approach can be used to establish a sustainable routine for the generation of in-house threat intelligence.