The basic dynamics of threats and our responses to them remain unchanged: one party aims to compromise another by stealing or damaging assets, or by leveraging something for extortion. We counter these threats through intelligence: understanding attackers' tools and techniques, monitoring for attack plans, identifying vulnerabilities, and collaborating with others to spot suspicious behavior.
What has significantly changed is the battlefield's size. The dark web now offers numerous hidden spots for bad actors to operate, posing a challenge for cyber threat-hunting teams to keep up. The expanding domain for conversations and attack plans means that genuine threats can be obscured by noise. Cyber threat intelligence providers have countered this with AI and big data tools to gather and analyze vast amounts of raw information.
However, the evolving role of human intelligence in cyber threat intelligence is even more crucial. While AI and big data tools efficiently collect and analyze large datasets from known threat sources, they fall short in discovering new threat sources or inferring the motives behind coded communications. Effective cyber threat intelligence hinges on aggregating information from diverse and expanding sources because new threats won't always emerge from previously known locations.
Human intelligence complements AI and big data by guiding intelligence collection and providing contextual insights. Experts can interpret the signals detected by AI systems, assessing the nature of these signals and identifying potential vulnerabilities.
As the noise increases, the ability to discern real threats becomes critical. More signals will emerge, but without effective filtering, threat intelligence consumers are left to sort through unfinished information. Our goal as cyber threat intelligence providers is to deliver finished, actionable threat information, allowing consumers to act swiftly and intelligently on fewer, but more significant, threats.