Automate, Adopt, Adapt: How Cyber Threat Intelligence Evolved over the last 12 months


The SANS 2021 Cyber Threat Intelligence (CTI) Survey is now available and, not surprising given the events of last year, the theme of “resilience” comes through loud and clear. In the face of added cybersecurity challenges brought on by the global pandemic, cybersecurity practitioners report that their organizations have continued to grow and mature their CTI capabilities in the following ways: 

  • Automate. To reduce the amount of time they spend on repetitive collection and processing tasks to focus on higher-level analytic activities, analysts are leveraging more automated CTI tools and processes. This is particularly beneficial as analysts are increasing the number and variety of external threat data sources they are using to support detection and investigation. 
  • Adopt. Organizations of all sizes and across all industries are adopting CTI programs, reflecting broad-based recognition of the benefits that investments in CTI programs provide. From tactical to strategic decision making, CTI is demonstrating its value as organizations battle increasingly menacing threat actors seeking to cause disruptions and profit during this global crisis.
  • Adapt. CTI analysts have adapted and changed the way they operate. As organizations shifted to a distributed workforce, security teams shifted as well. It simply wasn’t possible to lean across the desk to compare data and analysis, walk down the hall to check in another analyst or tap an analyst on the shoulder to assign them a task. So, CTI teams turned to online communication and collaboration tools to make their increased workload more manageable.

The ThreatQ platform is designed to support each of these key imperatives.

For instance, the ThreatQ platform automatically normalizes, deduplications and aggregates data from all your different external threat data sources. Understanding the who, what, where, why and when of an attack enriches external data with context from internal threat and event data. It also automatically scores and prioritizes threat intelligence based on parameters you set and continuously reevaluates and reprioritizes as new data and learnings are added to the platform. Once analysts investigate and determine what actions need to be taken, the platform can automatically send updated protections to your sensor grid.  

The platform is designed to meet the requirements of your unique environment to streamline adoption. With an SDK, easy-to-use APIs and a comprehensive set of industry-standard interfaces, it fully integrates with existing ecosystems of teams, tools and processes so that organizations of all sizes and across industries can ramp up quickly and gain value. Furthermore, the integration is bi-directional, allowing systems and tools to feed data and events back to the ThreatQ platform so that it can serve as organizational memory for learning and improvement.

Every team needs a way to adapt to an increasingly distributed work environment with tools that enable communication and remote collaboration. Using the ThreatQ platform, analysts can access the intelligence they need to do their jobs as part of their workflow and can actively share learnings to deepen their understanding of threats and campaigns. A virtual cybersecurity situation room enables collaboration within a single environment. Analysts can conduct and coordinate efforts, sharing the same pool of threat data and evidence. Rather than working independently and in parallel, which can lead to dead ends or key information falling through the cracks, analysts can directly communicate with each other. They can automatically see the work of others understand how it impacts and can benefit their own work, and can quickly divvy up tasks to accelerate detection and response. Managers of all the security teams can see the analysis unfolding, which allows them to act when and how they need to, coordinating tasks between teams and monitoring timelines and results.

It’s great to see how organizations are realizing the value of CTI as a resource for understanding, prioritization and action when complex challenges arise.

Download your complimentary copy of the 2021 SANS CTI Survey for additional key learnings and details. 

And in case you missed the SANS survey results webcast, you can view it here on demand.


Blog Archive

About ThreatQuotient™

ThreatQuotient™ understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, empowers security teams with the context, customization and prioritization needed to make better decisions, accelerate detection and response and advance team collaboration.
Share This