HOW TO COLLECT AND USE INTERNAL
THREAT INTELLIGENCE

When it comes to threat intelligence, context and relevance are paramount. The most contextually relevant threat information is based on the actual attacks an organisation faces every day. Often, organisations overlook the opportunity to leverage this internal threat intelligence, instead focusing on external threat intelligence.

For example, many organisations now use sandboxing to detect new malware attacks, however they might only use a single SHA from the sandbox for detection or blocking. However, a typical sandbox generates tens or even hundreds of threat indicators covering a wealth of information about the malware and how it operates. These can be used for detection of previous activity that was missed at the time, or used for future detection of related intrusion attempts.