Chapter 7. Cyber Threat Intelligence

The only secure computer is one that’s unplugged, locked in a safe, and buried 20 feet under the ground in a secret location… and I’m not even too sure about that one.

Dennis Hughes

With the rise of sophisticated and dangerous cyber threats, businesses now recognize that cyber threat intelligence (CTI) is essential. CTI plays a crucial role in identifying potential threats and vulnerabilities, encompassing both digital and physical security concerns. Its effectiveness hinges upon the combination of expertise, experience, and skills to proactively detect weaknesses and avert potential attacks. Various sources contribute to cyber threat intelligence, such as open source intelligence, social media intelligence, technical intelligence, device logfiles, internet traffic, and the deep and dark web.

This chapter delves into the intricacies of CTI, including data acquisition, processing, enrichment, and adversary mapping. It explores using narrative reports for intelligence mapping and integrating advanced technologies such as AI, machine learning (ML), deep learning, natural language processing (NLP), and voice synthesis. Additionally, it examines the significant role of CTI in fraud detection, its geopolitical impact, and the key players in the field.

To effectively manage the growing complexity of CTI, many businesses are outsourcing their CTI activities to managed security service providers (MSSPs). MSSPs are IT service providers specializing ...

Get Adversary Emulation with MITRE ATT&CK now with the O’Reilly learning platform.
