Chapter summary
Cyber Threat Intelligence (CTI) provides organizations with data and information on potential cyber threats. Those threats can include various categories of malware, exploitation of vulnerabilities, web-based attacks, Distributed Denial of Service (DDoS) attacks, social engineering attacks, and others.
There are many potential sources of data that CTI providers can use. For example, data on malware threats can come from anti-malware products and services running on endpoints, networks, email inboxes, web browsers, cloud services, honeypots, and other sources. Data on weak, leaked, and stolen credentials can come from Identity Providers like Microsoft Azure Active Directory, Google’s identity offerings, and Okta, but also from monitoring illicit forums where such credentials are bought and sold.
Open Source Threat Intelligence (OSINT) that leverages publicly available data sources such as social media, news feeds, court filings and arrest records, attacker-disclosed information...