Threat intelligence and security analysis
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice on an existing or emerging threat or danger to assets. This intelligence can be used to inform decisions regarding the subject’s response to that threat or danger. Security analytics applications use real-time and historical data to detect and diagnose threats. Sources of information include:
• Real-time alerts from workstations, servers, sensors, mobile devices, and other endpoints
• Real-time sources from other IT security applications (firewalls, intrusion prevention, endpoint detection and response, etc.)
• Volume and types of network traffic
• Server logs
• Third-party threat intelligence feeds
Security analysis combines data from various sources and looks for correlations and anomalies within the data.
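The correlation step described above, as an added example that is not part of the original page: firewall and server log events are merged per source address, matched against a threat intelligence feed, and checked for volume outliers. The log formats, the feed entry, the addresses and the 3x-median threshold are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# All data below is constructed for illustration (RFC 5737 documentation addresses).
TI_FEED = {"203.0.113.7": "scanner (constructed feed entry)"}
FIREWALL_LOG = [
    "2024-05-01T10:00:01Z DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:02Z DENY src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2024-05-01T10:01:00Z ALLOW src=192.0.2.10 dst=10.0.0.5 dport=443",
    "2024-05-01T10:01:30Z ALLOW src=192.0.2.11 dst=10.0.0.5 dport=443",
    "2024-05-01T10:02:00Z ALLOW src=192.0.2.12 dst=10.0.0.5 dport=443",
]
SERVER_LOG = (
    ["2024-05-01T10:00:0%dZ sshd: Failed password for root from 203.0.113.7" % i for i in range(3)]
    + ["2024-05-01T10:03:0%dZ sshd: Failed password for admin from 198.51.100.20" % i for i in range(9)]
    + ["2024-05-01T10:04:00Z sshd: Accepted publickey for deploy from 192.0.2.12"]
)

# Hypothetical formats: firewall lines carry "src=<ip>", server lines "from <ip>".
REMOTE_IP = re.compile(r"(?:src=|from )(\d{1,3}(?:\.\d{1,3}){3})")

def extract(lines, source):
    """Yield (source, ip) for each log line that names a remote address."""
    for line in lines:
        m = REMOTE_IP.search(line)
        if m:
            yield source, m.group(1)

def correlate(feed, *streams, factor=3):
    """Merge event streams per source IP, then tag feed matches and volume outliers."""
    seen = defaultdict(lambda: {"count": 0, "sources": set()})
    for stream in streams:
        for source, ip in stream:
            seen[ip]["count"] += 1
            seen[ip]["sources"].add(source)
    baseline = median(v["count"] for v in seen.values())
    findings = {}
    for ip, v in seen.items():
        reasons = []
        if ip in feed:
            reasons.append("feed match: " + feed[ip])
        if v["count"] > factor * baseline:
            reasons.append("volume %d > %dx median %g" % (v["count"], factor, baseline))
        if reasons:
            findings[ip] = {"sources": sorted(v["sources"]), "reasons": reasons}
    return findings

def run():
    return correlate(TI_FEED, extract(FIREWALL_LOG, "firewall"), extract(SERVER_LOG, "server"))
```

The feed match is reported with both data sources attached, while the second address is flagged on volume alone even though no feed lists it.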
Why is it important?
Threat intelligence is actionable and timely, provides context, and can be understood by decision makers. Security analysis tools can offer benefits for:
• Rapid detection and response. Security analytics accelerate detection and response to cyber threats. Rapid response can help IT prevent or lessen the damage caused by a breach.
• Compliance. One of the major drivers of the security analytics market is the need to comply with government and industry regulations.