Sunday, February 21, 2016

Information vs Intelligence

IP addresses, executable files, and phishing emails are observables. We can join these observables and work with them to gain information, and then turn that information into intelligence. This can be done, for example, by tracing an IP address back to its hosting provider or by detonating an executable in a sandboxed test environment.
People often equate an intelligence feed with an IOC feed. Finding an indicator linked to malware X, and learning that this malware is present in our systems, is good information, but it still cannot answer these questions:
  • If an indicator is detected, what role does the identified observable play in the overall threat?
  • Does it signify the delivery of a new attack, or does it signify the exfiltration of data following a successful compromise?
  • How sophisticated is the malware or the tools used?
  • What is the motivation of the actors behind the malicious activity?
An IOC can tell you there is an attack and that we need to stop it, but intelligence helps us understand the capabilities, motivations, and tendencies of the adversary behind the threat. That understanding guides us to take a reasonable and well-informed action and helps keep the organization safe.
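The difference is easier to see in code. The example below is added here and is not part of the original post: it matches three constructed log lines first against a bare IOC feed (which can only say "hit") and then against the same observables enriched with kill-chain phase, sophistication, actor and motivation, which is what lets a responder answer the questions above and pick a phase-appropriate action. The feed entries, log lines, host name, the malware family "DropperX" and the actor "FIN-Example" are all made up for illustration; the IP is from the TEST-NET-3 documentation range.

```python
"""Added example, not from the original post: the same observables matched as a
bare IOC feed (information) and then as context-bearing indicators (intelligence).
All feed entries, log lines, host names, the malware family 'DropperX' and the
actor 'FIN-Example' are constructed for illustration."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Kill-chain phases and a coarse sophistication scale, both ordered so that a
# later entry means "further along" / "more capable".
KILL_CHAIN = ["delivery", "exploitation", "installation", "command-and-control", "exfiltration"]
SOPHISTICATION = ["commodity", "modified", "custom"]

# A bare IOC feed: observables only. A match against it says "hit" and nothing else.
IOC_FEED = {
    "invoice-update@example.net",          # phishing sender (constructed)
    "6f1ed002ab5595859014ebf0951522d9",    # MD5 of a constructed dropper
    "203.0.113.45",                        # destination IP, TEST-NET-3 documentation range
}


@dataclass(frozen=True)
class Indicator:
    """An observable plus the context that answers the questions in the post."""
    value: str
    malware: str
    phase: str            # kill-chain phase the observable belongs to
    sophistication: str   # how capable the tooling is
    actor: str
    motivation: str


# The same observables, enriched by an analyst. This context is what separates
# intelligence from an IOC list.
INTEL_FEED = {i.value: i for i in [
    Indicator("invoice-update@example.net", "DropperX", "delivery", "commodity", "FIN-Example", "financial"),
    Indicator("6f1ed002ab5595859014ebf0951522d9", "DropperX", "installation", "commodity", "FIN-Example", "financial"),
    Indicator("203.0.113.45", "DropperX", "exfiltration", "custom", "FIN-Example", "financial"),
]}

# Constructed log lines from three sources (mail gateway, EDR, web proxy), in order.
LOGS = [
    "2016-02-20T09:14:02Z mail from=invoice-update@example.net to=ap@corp.example subject=Invoice",
    "2016-02-20T09:15:40Z edr host=WS-0142 file=invoice.exe md5=6f1ed002ab5595859014ebf0951522d9",
    "2016-02-20T11:02:11Z proxy host=WS-0142 dst=203.0.113.45 bytes_out=48213000",
]

# Only the sender, file hash and destination fields are treated as observables.
OBSERVABLE_RE = re.compile(r"(?:from|md5|dst)=(\S+)")


def extract_observables(line: str) -> List[str]:
    """Pull the sender, hash and destination values out of one log line."""
    return OBSERVABLE_RE.findall(line)


def ioc_matches(logs: List[str]) -> List[str]:
    """Information: every observable that appears in the IOC feed. A phishing
    sender and an exfiltration destination come back looking exactly the same."""
    return [obs for line in logs for obs in extract_observables(line) if obs in IOC_FEED]


# What a phase-aware responder does, keyed by the furthest phase observed.
PHASE_ACTION = {
    "delivery": "quarantine the message, block the sender, find other recipients",
    "exploitation": "mitigate the exploited weakness, check for follow-on activity",
    "installation": "isolate the host, collect the sample, check persistence",
    "command-and-control": "block the controller, isolate the host, hunt for peers",
    "exfiltration": "contain the host, block the destination, open an incident: data may already be gone",
}


def assess(logs: List[str]) -> Optional[dict]:
    """Intelligence: join the hits with their context and answer the post's
    questions: what role each observable played, how far the intrusion got,
    how capable the tooling is, and who is behind it and why."""
    hits = [INTEL_FEED[obs] for line in logs for obs in extract_observables(line) if obs in INTEL_FEED]
    if not hits:
        return None
    furthest = max((h.phase for h in hits), key=KILL_CHAIN.index)
    capability = max((h.sophistication for h in hits), key=SOPHISTICATION.index)
    return {
        "malware": sorted({h.malware for h in hits}),
        "actors": sorted({h.actor for h in hits}),
        "motivations": sorted({h.motivation for h in hits}),
        "phases_seen": [h.phase for h in hits],
        "furthest_phase": furthest,
        "sophistication": capability,
        "action": PHASE_ACTION[furthest],
    }


if __name__ == "__main__":
    print("IOC matches:", ioc_matches(LOGS))
    print("Assessment:", assess(LOGS))
```

Run stand-alone, the IOC pass reports three equal-looking hits; the intelligence pass reports that the same three hits belong to one campaign that has already reached the exfiltration phase with custom tooling, which changes the response from "block the indicator" to "open an incident and assume data loss". Feeding it only the mail line yields a delivery-phase assessment and a much smaller action.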

Read more: http://www.isightpartners.com/2015/04/information-vs-intelligence-there-really-is-a-difference/

3 comments:

  1. Thanks for a nice article differentiating information and intelligence.

  2. Great info on the differences between information and intelligence. Well explained.

  3. Thanks for sharing. It's always good to keep in mind that information != intelligence. The understanding that comes from analysis of information really does lead to a more secure organization.
    -Brett
