Cyber Intelligence Overview
Knowledge is power. Knowledge about threats, techniques, bad actors and plans are a foundation for an organization’s security. The term “Intelligence” has been used by military for many years. For example, the intelligence collected in the days of the United States Cold War ranged from troop movements to government intrigue. As more activities shifted to the digital realm, Cyber Intelligence became a common activity and term evolved.
Why is Cyber Intelligence Important?
The world is complicated and complex. There are over 7 billion people on Earth with various dreams, goals, schemes and ideas. Some of these people’s actions have detrimental impacts on you or the organization you care about protecting. These people could be acting alone, in groups or at the behest of a government. Knowledge about the actions and plans of those who seek to do harm before the harm is inflicted is possible with intelligence.
Types of Intelligence
Intelligence is collected through various means. It can be classified into three broad categories.
Human Intelligence (HUMINT): This type of intelligence is gathered from human sources. This involves using sources or trusted people to send information and tips your way. Cultivating these sources is a complex process that is accomplished by intelligence agencies and other operators.
Signals Intelligence (SIGINT): This type of intelligence is gathered from electronic signals. This intelligence could be gathered through hacking into networks to obtain private information. Capturing information transmitted through wiretaps is another classic example of SIGINT.
Open Source Intelligence (OSINT): This type of intelligence is gathered from publicly available sources. The Internet is home to massive amounts of information and content. Social Media has made every person a news source. A publicly available profile can reveal a lot about not only the owner, but their network of friends and the environment they post from. For example, an image uploaded contains data on picture location and more.
Gathering Cyber Intelligence
We established that intelligence is important and looked at the types. If all pieces of intelligence are given the same credence, the valuable news will get lost in the noise. That is why there must be a systematic process involved.
- Gather information from different sources.
- Process and parse the information into a standardized format. This might mean separating out the date, source or other attributes that aid in analysis.
- Analyze information for importance. This step involves doing background research.
- Interpret information for organizational relevance.
- Disseminate information for the organization to act upon.
Start Using Cyber Intelligence
If you are ready to start bringing cyber intelligence to bear in your organization, you can handle internally or use a trusted vendor. There are many free and open resources that compile information on threats. A member of your team can continually visit resources like DHS’s Automated Indicator Sharing, FBI’s Infragard, MITRE ATT&CK and Internet Storm Center. Then they must adapt according to relevant information.
Using an external resource for cyber intelligence can get companies up-to-speed quicker than starting internally. Relying on a company that has more experience in the field can bring a skilled team to assist in a rapid fashion. Cipher offers Cyber Intelligence Services that use a team of experts and tried and trusted methods. One such expert, André Pinheiro, Cipher Director of Cyber Intelligence, shared his take on Cyber Intelligence in an episode of the Cipher Podcast.
The intelligence gathered can compliment 24/7 monitoring of the digital environment by CipherBox. Using a single provider for intelligence and monitoring can further enhance security.