• Proactively hunting internal threats, including insider threats
• Educating employees and customers on cyber threats
• Engaging with the wider threat intelligence community
• Identifying and managing information sources
Collecting and Enriching Threat Data

We talked a little about sources of threat data in Chapter 2. Here we explore how a threat intelligence team can work with a range of sources to ensure accuracy and relevance.
The human edge
Threat intelligence vendors can provide some types of strategic intelligence, but you can also develop in-house capabilities to gather information about the topics and events most relevant to your enterprise. For example, you could develop an internal web crawler that analyzes the web page code of the top 5,000 web destinations visited by your employees. This analysis might provide insights into the potential for drive-by download attacks. You could share the insights with the security architecture team to help them propose controls that defend against those attacks. This kind of threat intelligence generates concrete data, which is much more useful than anecdotes, conjecture, and generic statistics about attacks.
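The analysis step of such a crawler could look like the following. This is an added sketch, not code from the book: it covers only the page-code analysis (fetching is omitted), and the three indicators, the finding names and the sample pages are assumptions constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PageAudit(HTMLParser):  # static drive-by exposure indicators for one page
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = Counter()  # finding names below are hypothetical labels

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes become ""
        if tag not in ("script", "iframe") or not a.get("src"):
            return
        src = urlparse(urljoin(self.page_url, a["src"]))  # resolve relative URLs
        third_party = src.hostname not in (None, self.page_host)
        if src.scheme == "http":  # content that can be altered in transit
            self.findings["plain_http_" + tag] += 1
        if tag == "script" and third_party and "integrity" not in a:
            self.findings["third_party_script_no_sri"] += 1  # no Subresource Integrity pin
        if tag == "iframe" and third_party and self._hidden(a):
            self.findings["hidden_third_party_iframe"] += 1  # invisible external frame

    @staticmethod
    def _hidden(a):
        style = a.get("style", "").replace(" ", "").lower()
        return (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style)

def audit(page_url, html):
    parser = PageAudit(page_url)
    parser.feed(html)
    return parser.findings

SAMPLES = {  # constructed pages standing in for fetched destinations
    "https://news.example/": """
      <script src="/static/app.js"></script>
      <script src="https://cdn.example.net/lib.js"></script>
      <script src="https://cdn.example.net/ui.js" integrity="sha384-placeholder"></script>
      <iframe src="http://ads.example.org/slot" width="0" height="0"></iframe>""",
    "https://intranet-wiki.example/": '<script src="/js/wiki.js"></script>',
}

def summarize(samples):
    # One row per destination: the concrete counts to hand to security architecture.
    return {url: dict(audit(url, html)) for url, html in samples.items()}

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Run across the full destination list, the per-site counts show which frequently visited sites depend on unpinned third-party scripts or plain-HTTP content, which is the kind of concrete data the security architecture team can use when proposing controls.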