The Cyber5 Podcast

EP92: The Role of Threat Intelligence in Protecting Business

Episode 92 | May 3, 2023

In Episode 92 of TheCyber5, we are joined by Krassimir Tzvetanov.

In this episode, we focus on the role of threat intelligence professionals in protecting businesses. We also discuss the limitations faced by the civilian sector in responding to threats, the benefits and risks of trust groups for information sharing, and the importance of proper legal frameworks to protect sensitive information.

Here are the Four Major Takeaways

1. Awareness of the business is crucial for adequate protection.

As a threat intelligence professional, being aware of the business being served is a crucial element for providing adequate protection. Without understanding the core objectives and vulnerabilities of a business, it’s impossible to identify and mitigate potential threats. Ensuring that the business is protected requires a deep understanding of its inner workings, including the various departments, stakeholders, and employee behaviors. Staying informed on the latest developments and shifts within your business is essential for creating an effective protection plan that considers potential risks and their impact.

2. Different maturity levels of programs determine reliance on vendors.

A program's maturity level has a significant impact on how much a threat intelligence team relies on vendors. Depending on that maturity, vendors may play a critical role in aiding the team, or their contribution might be minimal. Generally, threat intelligence personnel come from either a government or an engineering background, each with its own set of abilities. The government background emphasizes identifying and stopping negative actors, while engineering backgrounds offer more automation capabilities, allowing threats to be prevented via indicators. Despite the differences, both backgrounds share some common ground, such as uncovering and accessing darknet forums, automating decision-making, and creating and distributing intelligence and other high-level information.

3. Collection of technical indicators precedes automated actions.

When it comes to making automated decisions and taking actions based on technical indicators, it is crucial to collect all the necessary data beforehand. Without a thorough understanding of the technical aspects, any automated actions taken may lead to disastrous consequences. It is only after collecting and analyzing this information that intelligence professionals can begin to think about examining higher-order information on criminal groups.

4. AI is not yet able to write intelligence reports on its own.

AI has gained tremendous popularity in the past few years; however, it still falls behind when compared to human intelligence. We are not yet close to creating a model where artificial intelligence can pull together multiple sources of data and write an intelligent report autonomously. The current limitation is that most models in use rely on statistical probability alone, without any form of broader understanding or explainability as to why certain decisions were made, which makes applications more difficult to troubleshoot when they do break. As such, advancements will need further refinement and incorporation of concepts like explainability before we see real progress toward true machine-learning capabilities within industries.