What to Know about Threat Intelligence

I admit it, I’m a threat intelligence data geek. I really enjoy studying threat intelligence. It helps me understand the tactics and techniques that are in vogue with attackers and how the threat landscape is evolving. One of the best jobs I had at Microsoft was working as a Director of Trustworthy Computing. In this role I was the executive editor and a contributor to the Microsoft Security Intelligence Report, which we called “the SIR.” During the 8 or 9 years I helped produce the SIR, we published more than 20 volumes and special editions of this report, spanning thousands of pages. I gave literally thousands of threat intelligence briefings for customers around the world, as well as press and analyst interviews. I can tell you from experience, interviews on live television in front of millions of people, discussing threat intelligence, are nerve-wracking! (BBC News, 2013).

Building and publishing the SIR was a lot of work, but very rewarding. In this role, I had the opportunity to work with so many smart people in the Microsoft Security Response Center (MSRC), the Microsoft Malware Protection Center (MMPC), the Microsoft Digital Crimes Unit (DCU), the Security Development Lifecycle (SDL) team, Microsoft IT, and many others. Doing this work gave me a deep appreciation for the value of good threat intelligence and some of the ways it is produced. Microsoft has continued to invest in threat intelligence and they now have a center dedicated to it called the Microsoft Threat Intelligence Center (MSTIC), in which a few of my former colleagues work.

I provide a deep dive into data from the SIR in Chapter 4, The Evolution of Malware. I also provide a deep dive into security vulnerabilities in Chapter 3, Using Vulnerability Trends to Reduce Risk and Costs.

But before I get to this data, let me provide some useful context to help you consume the data in those chapters and other threat intelligence you encounter in your career.