What is strategic threat intelligence?
In another blog about tactical threat intelligence, we talked about how tactical and strategic threat intelligence complement each other. Tactical intelligence is a tree, and strategic intelligence is the forest. Strategic intelligence might be a threat landscape report focused on a particular industry, technology, or region; or it could be a more sophisticated request-for-information (RFI) from a client that requires research over a more extensive set of indicators and intelligence requirements or for a more extended period of time than a more tactical, ad hoc RFI. On the Digital Shadows (now ReliaQuest) side, we usually produce reports throughout the year, such as the ransomware or industry vertical quarterlies we create for our clients.
Typically the users of strategic threat intelligence are often the ones who hold the keys to funding or decision-making or otherwise have a stake in the security posture for an organization:
- It may be senior members of a security team, such as engineers or SOC managers, who are studying adversary capabilities to design better implementations of security tools.
- It could also be executives, such as a CSO concerned with their company’s external threats, or even a CFO or COO, who may need trending security data to justify future spending or current costs.
- It could even be a SOC analyst who decides to search retroactively in logs for any telltale signs of activity upon learning about long-term research on a specific threat actor or campaign.
- A CTI team might use a strategic report such as one of our ransomware quarterlies, or Verizon’s DBIR, for example, to support their own findings in a report they’re writing.
How does Digital Shadows (now ReliaQuest) develop strategic threat intelligence?
Almost every vendor with skin in the intelligence or security industry produces strategic threat intelligence, and we’re no different. The most common examples are Verizon’s annual data breaches investigation report (DBIR) or vendors who release regular quarterly or annual reports. Our most common use cases for strategic threat intelligence typically are based on some of our long-term research, such as quarterly reports on threats to our clients’ industry verticals or trending data on specific threats such as ransomware or initial access brokers. In addition to some of the regularly published research, we will also work with you to develop strategic requests for information.
As we’ve written about before, a request-for-information typically comes from a specific customer need that goes a little more in-depth than your standard tactical RFI. This might be an organization putting together scheduled events or planning to expand operations into new markets over a year and may need a series of intelligence products to support their security needs.
Often these products may need to look further back than just a few occurrences or days or months. There may be more assessments and forecasting involved to get a better understanding of future trends. Again, these are all typically driven by specific customer needs, and so we may develop some general intelligence requirements while also including more specialized ones based on each report.
What Solutions are There for You?
A recent example of a strategic threat intelligence product we’ve produced was our domains research paper. A company new to the digital space may need to understand how adversaries use impersonating domains and websites to target their customers or partners. In the case of our research, we looked at several different ways that adversaries use social engineering to phish and harvest credentials that might be of concern to anyone with a web presence. We also looked at some high-risk industries regarding how fraud via domain impersonations (and everything that comes with it) might affect a company in those spaces.
Research may also include some of the other usual hallmarks of threat intelligence research products, and may touch on adversary TTPs (tactics, techniques, and procedures), case studies of known attacks, historical indicators of attack or compromise assessments, and sometimes even forecasting.
Digital Shadows (now ReliaQuest)’ Intelligence Expertise
We understand your need for strategic intelligence because, chances are, our analysts have been in your position before. From the latest on ransomware campaigns to news about exploited vulnerabilities, promptly passing on crucial information to a customer is what every intelligence analyst aspires to, and Digital Shadows (now ReliaQuest) is no different in that regard.
To learn more about best practices for Cyber Threat Intelligence, download our Cyber Threat Intelligence Solutions Guide.
Suppose you’re curious about how we can solve your questions by making strategic threat intelligence work for you. In that case, you can always sign up for a 7-day test drive of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) or talk to us about a demo to define more specific use cases that can help intelligence work for you.