Cyber Threat Intelligence and OSINT
We are living in a world where any number of cyber threats can bring an organization to its knees and it can be downright terrifying. Few years ago, threat intelligence first became a new buzzword in cybersecurity. Threat intelligence was not always a concept easily understood by typical IT security professionals.
Intelligence can be derived from lists/files which contains the information about IP’s, hashes and URL’s, but that information and the objects in the lists themselves are not intelligence. Threat Intelligence is taking available data and extracting meaningful information from that data related with the threat actor’s action for the purpose of providing insight into decision-making.
The main purpose of threat intelligence is to help organizations and understand the risks of the most common and severe external threats, such as advanced persistent threats (APTs), zero-day threats, and exploits. After all, threats require appropriate defense, and cyber threat intelligence delivers the capability to defend more proactively. It provides context — like who is attacking you, what their motivation and capabilities are, and what are the Indicators of Compromise (IoC) in your systems to look for — that helps to make informed decisions about your security.
Open Source Intelligence (OSINT)
Open Source Intelligence are information or data which are accessed and gathered from public sources for any specific purpose. The most common OSINT is known to be Internet where it includes blogs, social media, websites, government portals, deep web and sometimes even the dark web. OSINT also includes traditional channels such as Newspaper, Television, Radio, Magazines; Books, Academic Publications such as journals & research papers etc.
OSINT can be used by the public civilian for basic knowledge, business, and public opinions; by government for any national threat analysis, services; by any cybercrime groups for any illegal activities; and by a cybersecurity professional for technical foot printing, cyber defense.
OSINT Implications to Cybersecurity:
- Ethical Hacking and Penetration Testing
- Recognizing External Threats
Security analysts in SOC can leverage the benefits of OSINT and tackle the issues faced to normalize and optimize the Cyber Threat Intelligence (CTI) operations.
Click here to read the importance of cyber threat intelligence, OSINT, use cases and its implications to cyber security.