In this week’s #BSidesMunich2025 NEINth Edition article, we look at how we proactively say “No!” to attackers by exploring cyber threat intelligence.

Cyber threat intelligence is the process of gathering and analyzing information about potential cyber threats and using that information to protect an organization’s systems and data. Threat intelligence information can be collected from multiple sources such as:
- Proprietary threat intelligence feed providers
- Government agencies
- Malware information security communities
- Information sharing and analysis centers (ISACs)
- Open source intelligence
- Internal security information
Threat intelligence provides indicators of compromise, malware information, TTPs (tactics, techniques and procedures) of active attackers, information detected from the dark web… the list goes on. Threat intelligence feeds are often made available in a form that can be digitally consumed and analyzed.
This information can be used by incident response teams and threat hunting teams. It can help prioritize protective and preventive security measures. The information can also be used to inform organizational cyber risk management.
While cyber threat intelligence offers a great deal of potential to reduce successful attacks, implementing it is not trivial. One of the challenges is how to manage the sheer volume of information that is available for analysis. Check out Tomer Doitshman’s approach to this problem in his presentation from last year’s BSidesMunich, “Real-Time Threat Intelligence with ML Feedback Loops”. https://youtu.be/a1VFajvpJgM
BSidesMunich2025 – NEINth Edition
https://2025.bsidesmunich.org