The Need for an Evolved Threat Intel Lifecycle
Threat Connect – Dan Cole
The Traditional Intelligence Cycle Planning and Direction Collection Processing Analysis and Production Dissemination and Integration Limitations Lack of Accountability While the intel cycle does have a âfeedbackâ step, itâs not strictly enforced and very often is not properly quantified. Lack of Stakeholder Involvement Intelligence doesnât exist for its own sake, so itâs curious that the stakeholders itâs supposed to benefit arenât even called out in the cycle! The Evolved Intelligence Cycle It explicitly calls out the personas involved in threat intelligence: Producers (CTI analysts, researchers, Captain Piett, etc.), and Consumers (SOC/IR, threat hunters, leadership/CISOs, red and blue teams, Admiral Ozzel, Darth Vader, etc.). It takes into account the action part of threat intel (Dissemination is not action!), such as detection and enabling leadership to make strategic decisions. Dissemination and Feedback are âbridgeâ steps between the two personas, which turns threat intelligence into a truly collaborative discipline across the entire security organization.
Link: https://threatconnect.com/blog/the-need-for-an-evolved-threat-intel-lifecycle/