Threat intelligence benefits organizations of all shapes and sizes by helping them to better understand their attackers, respond faster to incidents, and proactively get ahead of an adversary’s next move. For SMBs, intelligence helps them achieve a level of protection that would otherwise be out of reach. On the other hand, enterprises with large security teams can reduce the cost and required skills by leveraging external threat intel and make their analysts more effective.

From top to bottom, cyber threat intelligence offers unique advantages to every member of a security team. Here’s how it can benefit each position, and the specific use cases that apply to each:

| Function | Benefits |
|---|---|
| Sec/IT Analyst | Optimize prevention and detection capabilities and strengthen defenses |
| SOC | Prioritize incidents based on risk and impact to the organization |
| CSIRT | Accelerate incident investigations, management, and prioritization |
| Intel Analyst | Uncover and track threat actors targeting the organization |
| Executive Management | Understand the risks the organization faces and what the options are to address their impact |


| Function | Use Cases |
|---|---|
| Sec/IT Analyst | - Integrate TI feeds with other security products<br>- Block bad IPs, URLs, domains, files, etc. |
| SOC | - Use TI to enrich alerts<br>- Link alerts together into incidents<br>- Tune newly deployed security controls |
| CSIRT | - Look for information on the who/what/why/when/how of an incident<br>- Analyze root cause to determine scope of the incident |
| Intel Analyst | - Look wider and deeper for intrusion evidence<br>- Review reports on threat actors to better detect them |
| Executive Management | - Assess overall threat level for the organization<br>- Develop security roadmap |