FROM INTELLIGENCE GATHERING TO CYBER THREAT DETECTION

Author(s): Antonio VILLALÓN-HUERTA, Ismael RIPOLL-RIPOLL, Héctor MARCO-GISBERT
Subject(s): Security and defense, Military policy, ICT Information and Communications Technologies
Published by: National Institute for Intelligence Studies
Keywords: Intelligence; Cyber Intelligence; CYBINT; Tactics and Techniques; TTP; Indicators of Compromise

Summary/Abstract: Intelligence plays a key role in the detection and neutralisation of threat actors in cyberspace, particularly when dealing with advanced ones. However, the relationship between intelligence and the final detection capabilities is not well-defined in most cases. Even the role of information gathering disciplines, which are the basis of intelligence and therefore of cyber intelligence, is confusing and lacks consensus among authors. In this work we contextualize intelligence gathering disciplines in the cyber intelligence arena. We discuss the role of all of these disciplines in the characterization of advanced threat actors, from the strategic to the tactical views. Once characterization has been performed, we analyse the detection capabilities that intelligence provides, in the form of indicators of compromise, both low-level and behavioural ones. Following this approach, in this work we define the road from initial intelligence gathering to threat detection.

  • Issue Year: 2023
  • Issue No: 1(29)
  • Page Range: 5-32
  • Page Count: 28
  • Language: English