Demystifying Cyber Intelligence


As cyber security takes its place as the industry to watch for the foreseeable future, discussion surrounding this sector has become a minefield of buzz words and infographics. One of its most talked about—yet least understood—concepts is.

Cyber Intelligence

In an ominous threat landscape, the use of Cyber Intelligence has become crucial for IT Security and Incident Response teams.[1]Although the implementation of Cyber Intelligence among IT departments is more widespread than ever, many security professionals are unclear about Cyber Intelligence and how to best use it.  Many CIO’s are currently implementing Cyber Intelligence but are unable to quantify how the solution improves their risk management posture. To make the most of Cyber Intelligence, security professionals need a basic understanding of how it works and what is needed to effectively utilizeit.

What is Cyber Intelligence?

For a tool regarded as indispensable to a solid cybersecurity posture, one would be hard-pressed to find a consensus on what Cyber Intelligence actually is. One reason for the disarray is that the tools and processes surrounding Cyber Intelligence are still maturing and adjusting against unpredictable threats. Discord also stems from a glut of community-driven standards that contradict each other, built on vague data and antiquated methodology. The lack of standardized knowledge of Cyber Intelligence has not only generated an uncertainty about its purpose, but also doubt among higher-ups about its ultimate value.

In a nutshell, Cyber Intelligence is a systemized coordination of analytics platforms, business intelligence, and information forensics that converts ingested data into an actionable security initiative.  Cyber Intelligence feeds are managed and analyzed by an integrated SIEM platform, a dedicated intrusion monitoring platform, or a holistic forensics platform.[2] Whatever the platform, an effective intelligence lifecycle is a feedback loop that can use the information it disseminates to optimize performance. Cyber Intelligence cycles can be broken down into the following steps.[3]

Though Cyber Intelligence can be a wormhole in terms of intricacy and depth, a simple definition makes it easier to recognize its place within Cybersecurity. From this outline, a basic understanding of how Cyber Intelligence works can be grasped. The success of Cyber Intelligence not only depends on the sophistication of the tools, but also the skill of cyberconsultants and decision-makers involved.

[1]SANS State of Cyber Threat Intelligence Survey: CTI Important and Maturing. SANS Analyst Program.

[2] “Who’s Using Cyberthreat Intelligence and How.”

[3] “An Introduction to Cyber Intelligence.”

Show Buttons
Hide Buttons