3. Baselining the Different Types of
Cyber Threat Intelligence
3
For Senior Business Leaders – CISO, CIO, Risk Officer, etc.
• Informs business decisions and used to prioritize defense and direct
cybersecurity investments
• “Known Knowns” – Threat is understood and can be acted on / mitigated
For SOC/NOC Managers and Threat Analysts
• Aggregation of events along with the motivations, intent, and capabilities
of adversaries – how they plan, conduct, and sustain attack campaigns
• “Known Unknowns” – Confirmed existence of an actual threat
For SOC/NOC Operators
• The effort to detect and respond to on-the-wire events that are
technical and high volume. Focuses on threat indicators to hunt for and
defend against adversaries. Little-to-no contextualization or learning.
• “Unknown Unknowns” – Something weird is going on
Operational
Tactical
Decision
Strategic
Inputs
Outputs
Inputs
Outputs
LevelofIntelligence
5. 5
The SurfWatch Labs
Threat Intelligence Stack
Cloud-based Suite and
Advisory Services deliver:
• Strategic and Operational
Threat Intelligence
• Relevant Cyber Risk
Management
• Actionable Fraud Awareness
and Prevention
• Digital Supply Chain Risk
Visibility
• Brand and IP Protection
• Legal and Regulatory Diligence
• KPIs and Cyber Risk Reporting
Products
SaaS Applications and
API
Information and Analytics
Collect, Validate, Analyze and
Enrich
Solutions
Human Expertise Threat
Analyst
Cyber
Adviso
r
Data Collection Sources:
• Millions of Open Source
Media Outlets
• Twitter – Full Feed
• Cyber-Focused Sources
(Blogs, Security Researchers,
etc)
• Govt Mandated Breach Reports
• Vulnerability Reports
• PII Release Reports
• Phishing Feeds
• Dark Web
• SurfWatch Customers
6. Q&A and Additional
SurfWatch Labs Resources
6
SurfWatch Cyber Advisor:
www.surfwatchlabs.com/cyber-advisor
SurfWatch Threat Analyst:
www.surfwatchlabs.com/threat-intel
Dark Web Intelligence:
www.surfwatchlabs.com/dark-web-intelligence
Personalized SurfWatch Demo:
info.surfwatchlabs.com/request-demo
Strategic and Operational Threat Intelligence