
114 | The Threat Intelligence Handbook

• Proactively hunting internal threats, including insider threats
• Educating employees and customers on cyber threats
• Engaging with the wider threat intelligence community
• Identifying and managing information sources

Collecting and Enriching Threat Data
We talked a little about sources of threat data in Chapter 2.
Here we explore how a threat intelligence team can work with
a range of sources to ensure accuracy and relevance.

The human edge

Threat intelligence vendors can provide some types of strategic
intelligence, but you can also develop in-house capabilities
to gather information about the topics and events most
relevant to your enterprise.
For example, you could develop an internal web crawler that
analyzes the web page code of the top 5,000 web destinations
visited by your employees. This analysis might provide
insights into the potential for drive-by download attacks. You
could share the insights with the security architecture team to
help them propose controls that defend against those attacks.
This kind of threat intelligence generates concrete data, which
is much more useful than anecdotes, conjecture, and generic
statistics about attacks.
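
A sketch of the page-code analysis such a crawler could run on each fetched page, added here as an illustration and not taken from the handbook: it flags hidden iframes, off-site scripts loaded without Subresource Integrity, and inline obfuscation primitives. The function names, finding labels and sample page are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic leads for analyst review, not proof that a page is malicious.
OBFUSCATION = re.compile(r"\b(eval|unescape|String\.fromCharCode|document\.write)\s*\(")

class PageAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings, self._inline = page_host, [], False
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            # Invisible frames are a common carrier for injected third-party content.
            style = a.get("style", "").replace(" ", "").lower()
            if "display:none" in style or a.get("width") == "0" or a.get("height") == "0":
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            src = a.get("src")
            if not src:
                self._inline = True  # script body arrives via handle_data
                return
            # Off-site script without SRI: the page runs whatever that host serves.
            host = urlparse(src).hostname
            if host and host != self.page_host and "integrity" not in a:
                self.findings.append(("third-party-script-no-sri", host))
    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False
    def handle_data(self, data):
        if self._inline:
            for m in OBFUSCATION.finditer(data):
                self.findings.append(("obfuscation-primitive", m.group(1)))

def audit_page(page_url, html):
    parser = PageAudit(urlparse(page_url).hostname)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not real crawl output.
SAMPLE = """<html><body>
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://cdn.example.net/ok.js" integrity="sha384-PLACEHOLDER"></script>
<iframe src="https://ads.example.org/f" width="0" height="0"></iframe>
<script>var p = unescape("%61"); eval(p);</script>
</body></html>"""

print(audit_page("https://news.example.com/", SAMPLE))
```

Counting findings per destination across the crawl gives the architecture team a ranked list of where controls such as script allow-listing or browser isolation would matter most.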
