Cyber-threat intelligence


15 May 2016



What is a Cyber Threat?

A cyber threat is an attempt by malicious individuals or groups to gain unauthorized access to devices or a control network, or to disrupt the network or render it unusable.
Cyber threats can originate from various places, people and organizations. Some examples:

Commercial competitors
Governments and intelligence agencies
Employees who intend to strike
Organized crime groups (gangs)

The harmful actions of the threat sources listed above are called cyber threats. These threats give an idea of what kind of scenario attackers may follow when they attack their victims. Examples of such cyber threats:

Wiper attacks: Malware that erases everything on the system it infects in such a way that it cannot be restored.
Distributed Denial of Service (DDoS): Attacks that take a service out of operation (or slow it down).
Malvertising: Malware embedded in advertising.
Malware Spyware
Trojan: Also called a "Trojan horse"; malware that provides remote access to the computer.
Phishing: Phishing attacks.
Data breaches: Data leaks.
Worm: Software that acts as worms.
Keylogger: Malware that records keyboard operations.
Backdoor: To access the system again (quietly


The purpose of Cyber Threat Intelligence


The purpose of cyber threat intelligence is to show institutions and organizations the cyber threats against them, help the target make sense of an incident, and protect the target.

Cyber threat intelligence is also intended to determine the thoughts, objectives, motivations and methods of attackers by analyzing the collected data.

>>>---Cyber threat intelligence is divided into 3 groups according to level.---<<<

1 - Strategic Intelligence => This is the kind of intelligence meant for knowing the enemy. It is produced by monitoring institutions, organizations, individuals or groups with the potential to cause damage. It contains information about the attackers' intentions, motivations, tactics and strategies, past actions and possible attacks.

2 - Operational Intelligence => This type of intelligence covers the attackers' techniques, tactics and procedures. This information is provided to the teams delivering the SOC (Security Operations Center) service, who can analyze it and use it as a precaution against potential attacks.

>>What is a SOC (Security Operations Center)?<<

It is a central unit that deals with security issues at the corporate and technical level. It includes three building blocks to manage and improve the security of an organization: people, process and technology. The security operations center acts as a framework that connects these building blocks.

3 - Tactical Intelligence => It contains data that identifies potential malicious activity on the system and network. This data, called IOCs (Indicators of Compromise), is data on activity that is unusual and suspicious in nature. Tactical intelligence is integrated into security solutions such as SIEM, IDP/IPS, DLP, Anti-Spam, Firewall and Endpoint Protection.
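
A sketch of how tactical intelligence is consumed, added here as an example and not part of the original post: a small IOC matcher run over log lines, the way a SIEM rule would use a feed. The feed format, indicator values and log lines are all constructed (documentation IP ranges, `.example` domains, a placeholder hash).

```python
import re

FAKE_HASH = "0123456789abcdef" * 4  # constructed placeholder, not a real sample
# Constructed feed ("type,value"); values are defanged the way feeds often ship them.
FEED = f"ip,203.0.113[.]5\ndomain,bad-updates[.]example\nsha256,{FAKE_HASH}\n"
# Constructed log lines standing in for what a SIEM would ingest.
LOGS = [
    "proxy GET http://cdn.bad-updates.example/a.js src=10.0.0.7",
    "fw ALLOW src=10.0.0.9 dst=203.0.113.50 dport=443",
    "fw ALLOW src=10.0.0.9 dst=203.0.113.5 dport=443",
    f"edr exec path=/tmp/x.bin sha256={FAKE_HASH.upper()}",
    "proxy GET http://notbad-updates.example/ src=10.0.0.7",
]

def refang(value):
    """Undo common defanging so indicators compare equal to raw log values."""
    return value.strip().lower().replace("[.]", ".").replace("hxxp", "http")

def load_iocs(feed):
    """Parse the feed into one set of normalized indicators per type."""
    iocs = {"ip": set(), "domain": set(), "sha256": set()}
    for row in feed.splitlines():
        kind, _, value = row.partition(",")
        if kind in iocs and value:
            iocs[kind].add(refang(value))
    return iocs

IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOST_RE = re.compile(r"(?<![\w.-])(?:[a-z0-9-]+\.)+[a-z]{2,}(?![\w-])")
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b")

def match_line(line, iocs):
    """Return sorted (type, indicator) hits for one log line."""
    text = line.lower()
    hits = set()
    hits.update(("ip", ip) for ip in IP_RE.findall(text) if ip in iocs["ip"])
    hits.update(("sha256", h) for h in HASH_RE.findall(text) if h in iocs["sha256"])
    for host in HOST_RE.findall(text):
        # A host matches if it is the indicator itself or a subdomain of it.
        for d in iocs["domain"]:
            if host == d or host.endswith("." + d):
                hits.add(("domain", d))
    return sorted(hits)

if __name__ == "__main__":
    iocs = load_iocs(FEED)
    for line in LOGS:
        for kind, value in match_line(line, iocs):
            print(f"ALERT {kind}={value} :: {line}")
```

Matching on extracted tokens rather than raw substrings keeps `203.0.113.50` and `notbad-updates.example` from raising false alerts against the indicators `203.0.113.5` and `bad-updates.example`.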

