A Threat Intelligence Program enables organizations to proactively identify, analyze, and act on cyber threats by leveraging internal and external data sources. The program supports decision-making processes, prioritizes defenses, and improves incident response by delivering actionable intelligence tailored to the organization's risk profile and operational environment. This mitigation can be implemented through the following measures:
Establish a Threat Intelligence Team:
Define Intelligence Requirements:
Leverage Internal and External Data Sources:
Implement Tools for Automation:
Analyze and Act on Intelligence:
Share and Collaborate:
Evaluate and Update the Program:
Tools for Implementation
Threat Intelligence Platforms (TIPs):
Threat Intelligence Feeds:
Automation and Enrichment Tools:
Analysis Frameworks:
Community and Collaboration Tools:
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1212 | Exploitation for Credential Access | Develop a robust cyber threat intelligence capability to determine what types and levels of threat may use software exploits and 0-days against a particular organization. |
| Enterprise | T1211 | Exploitation for Defense Evasion | Develop a robust cyber threat intelligence capability to determine what types and levels of threat may use software exploits and 0-days against a particular organization. |
| Enterprise | T1068 | Exploitation for Privilege Escalation | Develop a robust cyber threat intelligence capability to determine what types and levels of threat may use software exploits and 0-days against a particular organization. |
| Enterprise | T1210 | Exploitation of Remote Services | Develop a robust cyber threat intelligence capability to determine what types and levels of threat may use software exploits and 0-days against a particular organization. |
| Enterprise | T1656 | Impersonation | Threat intelligence helps defenders and users be aware of and defend against common lures and active campaigns that have been used for impersonation. |