Cyber threat intelligence (CTI) is a top priority in the 2019 National Intelligence Strategy produced by the ODNI (Office of the Director of National Intelligence).
The report raises many concerns around growing risks with emerging technologies like AI and nanotech, along with the rise of more technically advanced adversaries.
Specifically, the ODNI's mission around CTI is to "detect and understand cyber threats from state and non-state actors engaged in malicious cyber activity to inform and enable national security decision making, cybersecurity, and the full range of response activities."
That sounds a lot like what the security industry already provides through the commercial CTI services and platforms available to both government and the private sector.
SANS defines CTI (per the SANS CTI FOR578 course description) as "the collection, classification and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence - [that] gives network defenders information superiority that can be used to reduce the adversary's likelihood of success with each subsequent intrusion attempt."
The ODNI report defines CTI as "the collection, processing, analysis, and dissemination of information from all sources of intelligence on foreign actors' cyber programs, intentions, capabilities, research and development, tactics, targets, operational activities and indicators, and their impact or potential effects on U.S. national security interests. Cyber threat intelligence also includes information on cyber threat actor information systems, infrastructure, and data; and network characterization, or insight into the components, structures, use, and vulnerabilities of foreign cyber program information systems."
SANS surveys from 2018 and 2019 (available on February 5; registration required for both resources) on CTI show that most organizations are adopting CTI and integrating it into security operations for detection and response.
But unlike the ODNI, most businesses don't have the intelligence operatives to sift through and analyze the data. That's why our 2018 CTI survey saw a growth in organizations using CTI platforms rather than trying to wing it with their own APIs and collectors.
Based on our surveys, CTI is improving respondents' prevention, detection and response capabilities. In 2018 and 2019, 81% of respondents affirmed that CTI is helping, compared to 78% in 2017 and 64% in 2016.
What's improving in 2019 and how are businesses operationalizing and using CTI data? More organizations are consuming CTI (especially in the form of finalized intelligence reports), and integrating them into their defensive mechanisms, according to results from our 2019 survey to be released on February 5. Our 2019 survey respondents report that CTI is improving:
Tune into our 2019 CTI Survey Results webcasts on February 5 and 7 with SANS instructors and survey authors Robert M. Lee and Rebekah Brown.
Register for Part 1 here: www.sans.org/webcasts/108905
Register for Part 2 here: www.sans.org/webcasts/108910