23 August 2023

From reactive to proactive: The next evolution of threat intelligence

Jason Harrison

As the world becomes increasingly digital, the need for cyber threat intelligence (CTI) is growing in parallel. Current estimations project that 120 zettabytes of data will be created, captured, copied, and consumed worldwide in 2023. From that wealth of information, Microsoft tracks 65 trillion security signals every day to discover new and emerging threats across the global threat landscape. These data signals are just one piece of the larger CTI puzzle that customers need to sift through to find the threats that matter to them.

Analyzing these rapidly growing volumes of information creates an opportunity for cyber defenders to better understand and protect our global attack surface. As individual pieces of data are translated into CTI, security teams can use that insight to identify existing security vulnerabilities and gain a deeper understanding of cybercriminal activity.

Analyzing not one but 120 zettabytes is an overwhelming amount of data for human operators to consume and turn into a high-fidelity CTI signal. Organizations need a better way to connect these disparate signals to achieve comprehensive, real-time threat intelligence. Keep reading to learn how automation and AI are coming together to move CTI into a new, increasingly proactive state.

Understanding threat intelligence and its benefits

Threat intelligence is often mistakenly labeled as nothing more than a feed of indicators of compromise (IOCs). But true CTI is much more than a feed.

CTI comes from multiple data sources, including open-source threat intelligence, threat intelligence feeds, and even in-house analysis. Organizations need this intelligence to flow constantly to keep up with the transient, short-lived nature of the internet and its associated risks.

What's more, digital sprawl and a growing interdependence on third-party technology partners have created an extensive enterprise attack surface for cyber defenders to monitor and protect. Visibility into these attack pathways helps defenders act more strategically, showing where a business's attack surface lies and which threats are most relevant to its operations.


When analyzing their current threat intelligence, organizations should look for a way to combine IOC data with other relevant security signals. In doing so, they can better correlate current events and adjacent attacks; build an understanding of threat group and nation-state tactics, techniques, and procedures (TTPs); identify security gaps; and more. Businesses should also look for ways to aggregate all their CTI data into a unified view, helping security teams make more informed decisions about how to prepare for, detect, and respond to cyberattacks as early as possible. The key is injecting as much proactivity into the CTI process as possible. That's where automation and AI come in.
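As an added illustration of the combination described above (not code from the original post or from Microsoft), the script below matches a small IOC feed against log lines from several sources, attaches threat-group and TTP context to each hit, and aggregates the result into one per-host view. All indicator values, group names, technique mappings, and log lines are constructed samples.

```python
"""Correlate an IOC feed with other security signals into a unified per-host view.
Added example; every indicator, group name, technique mapping and log line is constructed."""
import re
from collections import defaultdict

SAMPLE_HASH = "c0ffee" * 10 + "c0ff"  # constructed 64-hex-char placeholder, not a real file hash

# Constructed IOC feed: indicator value -> (type, attributed group, ATT&CK technique id)
IOC_FEED = {
    "203.0.113.45": ("ip", "GROUP-A", "T1071.001"),       # C2 over web protocols
    "update-cdn.example": ("domain", "GROUP-A", "T1105"),  # ingress tool transfer
    SAMPLE_HASH: ("sha256", "GROUP-B", "T1204.002"),       # user execution: malicious file
}

# Constructed log lines from three sources (proxy, EDR, auth); the first word names the source.
LOGS = [
    "proxy host=ws-07 dst=203.0.113.45 url=http://203.0.113.45/b",
    "edr host=ws-07 event=process_create sha256=" + SAMPLE_HASH,
    "proxy host=srv-02 dst=198.51.100.9 url=http://update-cdn.example/x",
    "auth host=srv-02 user=svc_backup result=failure",
    "auth host=ws-11 user=alice result=success",
]

TOKEN = re.compile(r"[A-Za-z0-9.\-]+")  # splits out IPs, domains and hashes as candidate indicators


def extract_host(line):
    """Pull the host field that lets signals from different sources be joined."""
    m = re.search(r"\bhost=(\S+)", line)
    return m.group(1) if m else "unknown"


def correlate(feed, logs):
    """Return {host: {"hits", "groups", "techniques", "sources"}} for hosts with at least one IOC match."""
    view = defaultdict(lambda: {"hits": set(), "groups": set(), "techniques": set(), "sources": set()})
    for line in logs:
        host, source = extract_host(line), line.split(" ", 1)[0]
        for tok in set(TOKEN.findall(line)):  # set() so a repeated value in one line counts once
            if tok in feed:
                ioc_type, group, technique = feed[tok]
                v = view[host]
                v["hits"].add((source, ioc_type, tok))
                v["groups"].add(group)
                v["techniques"].add(technique)
                v["sources"].add(source)
    return dict(view)


def rank_hosts(view):
    """Surface hosts ordered by breadth of evidence: distinct TTPs first, then distinct sources."""
    return sorted(view, key=lambda h: (len(view[h]["techniques"]), len(view[h]["sources"])), reverse=True)
```

Hosts with no IOC hit never appear in the view, which is the "surface only the most relevant insights" step; ranking by distinct TTPs and corroborating sources is one simple way to prioritize what an analyst looks at first.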

Integrating threat intelligence into your security environment

Security products are typically designed to protect against a specific threat or target. However, cyberattacks are often multi-stage and can go undetected for weeks or even months before there is a serious breach. Organizations can overcome this risk by using automation to incorporate threat intelligence into their existing security tooling and close those gaps.

Automation and AI will help lighten the load on security teams by processing and sorting through raw threat intelligence data to surface only the most relevant insights. Businesses can then use this information to identify weaknesses in their current defense strategy and uncover their most likely attack vectors. Automating the collection and initial analysis of your security signals is key to proactively discovering and responding to threats in real time.

In the past, CTI has been treated as a reactive defense measure used mainly after the fact. Security teams would collect and store threat intelligence to analyze an attack that had already happened, hoping to glean insights for future similar attack scenarios. However, as technology advances, defenders can now unlock the power of automation and AI, enabling companies to move into a new era of proactive threat intelligence in which cyber defenders can take advantage of security signals in near real time.
