What Is Cyber Threat Intelligence?
Cyber threat intelligence is information used to identify present or future cyberattacks against an organization’s systems. Companies can subscribe to threat intelligence feeds and services to learn more about current malware or threat campaigns and take advantage of services to identify potential threats to a company, its employees and its customers.
The Importance of Cyber Threat Intelligence
Cyber threat intelligence provides insight into the current threat landscape and the potential cyberattacks that companies can face. It also can include information about intrusions and other security incidents that an organization has already experienced.
Threat intelligence is key to ensuring that organizations allocate limited cybersecurity resources to maximize the potential benefit to the organization.
With knowledge of current threat campaigns, companies can tune their defenses to maximize the potential that they will be able to identify and block future cyberattacks. Plus, threat intelligence is useful for identifying past intrusions into a company’s systems and gauging the potential impact on the business and its customers.
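What Cyber Threat Intelligence Includes
Cyber threat intelligence includes any information that can be used to help inform the business about the potential cyber threats that it faces and how to address them. The majority of threat intelligence deals with current cyberattacks and active malware variants.
However, organizations can also access more targeted types of threat intelligence that give them information about risks to their brand or about data that has been leaked as a result of past data breaches.
Attacker Tactics, Techniques, and Procedures (TTPs)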
The bulk of technical threat intelligence data is related to the TTPs used by various threat actors. When new malware or cyberattack campaigns are detected, security researchers collect and disseminate indicators of attack (IoAs) and indicators of compromise (IoCs) that can be used to identify these threats.
For instance, a strategic threat intelligence feed could include file hashes for new malware variants and the IP addresses and domain names associated with known cyber attack campaigns.
Organizations can subscribe to tactical threat intelligence feeds to collect this information and feed it to their security solutions. This data can also be filtered or personalized to identify the relevant threats that an organization is most likely to face, such as:
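- Malware or cyberattacks targeting other organizations in the same industry or geographic region.
By leveraging this more targeted threat intelligence, organizations can more accurately assess the types of threats they are likely to face and how best to defend against them.
Brand Protection
Cybercriminals commonly use lookalike email addresses and websites in phishing attacks. This is done to make a potential attack appear legitimate to its target and to exploit the target's trust in the brand.
This practice can significantly damage an organization's reputation with its customers, vendors, suppliers, and other partners.
The following information can be collected as personalized, actionable threat intelligence for an organization:
- Suspicious domains
- Phishing websites
- Social media impersonation
- Unauthorized APKs
Organizations can then take action to protect their brand against these threats.
Breach Monitoring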
Often, it takes time for a breach to be detected, if the company notices it at all.
In the state of a data breach report, IBM and Ponemon differentiate between breaches identified within 200 days and those that took more than 200 days to detect when comparing the price and impact of faster breach detection.
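In some cases, a company only learns of a breach when company, employee, or customer data is offered for sale on the dark web. Breach monitoring services can look for:
- Employee credentials
- Customer information
- Intellectual property
- Other data that has been posted or advertised for sale on the dark web
Who Benefits from Threat Intelligence?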
Threat intelligence provides insight into potential cyber threats a company may face or breaches that it has not yet identified within its systems.
This diverse set of security information has numerous potential applications within an organization.
One of the most common applications of strategic threat intelligence is for identifying potential security incidents via persistent threat detection and threat hunting. Threat intelligence feeds commonly provide IoCs that organizations can look for in their systems to either identify and block an impending attack or detect the presence of an intruder within their systems.
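The IoC lookup described above, as an added example (not Check Point code and not part of the original page): it matches a feed's IP, domain and hash indicators against log lines. The feed entries, the key=value log format and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed samples, not real indicators: a defanged feed and key=value log lines.
FEED = ["203.0.113.7", "198.51.100.0/24", "hxxp://update-check[.]example/payload",
        "bad-cdn[.]example", "AB" * 32]
LOGS = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.5 dst=203.0.113.7 host=files.bad-cdn.example",
    "2024-05-01T10:00:02Z proxy src=10.0.0.6 dst=192.0.2.10 host=notbad-cdn.example",
    "2024-05-01T10:00:03Z edr host=ws-12 sha256=" + "ab" * 32,
    "2024-05-01T10:00:04Z dns src=10.0.0.7 dst=198.51.100.44 host=intranet.example",
]

def load_feed(entries):
    """Sort indicators into IP networks, domains and SHA-256 hashes."""
    nets, domains, hashes = [], set(), set()
    for raw in entries:
        ioc = raw.strip().lower().replace("[.]", ".").replace("hxxp", "http")  # refang
        if re.fullmatch(r"[0-9a-f]{64}", ioc):
            hashes.add(ioc)
            continue
        try:
            nets.append(ipaddress.ip_network(ioc, strict=False))
        except ValueError:  # URL or bare domain: keep only the host part
            domains.add(re.sub(r"^[a-z]+://", "", ioc).split("/")[0])
    return nets, domains, hashes

def match_line(line, nets, domains, hashes):
    """Return (type, value) hits for one log line."""
    fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    hits = []
    for key in ("src", "dst"):
        try:
            ip = ipaddress.ip_address(fields.get(key, ""))
        except ValueError:
            continue
        if any(ip in net for net in nets):
            hits.append(("ip", str(ip)))
    host = fields.get("host", "").lower().rstrip(".")
    # Match the listed domain or a subdomain of it, never a bare substring.
    if any(host == d or host.endswith("." + d) for d in domains):
        hits.append(("domain", host))
    if fields.get("sha256", "").lower() in hashes:
        hits.append(("sha256", fields["sha256"].lower()))
    return hits

def scan(logs, feed):  # returns {log line index: hits} for matching lines only
    sets = load_feed(feed)
    return {i: h for i, line in enumerate(logs) if (h := match_line(line, *sets))}
```

Domain indicators match the listed domain and its subdomains only, so `notbad-cdn.example` in the second sample line is not flagged.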
Check Point Threat Intelligence Services
Threat Intelligence services are delivered by Check Point Exposure Management and the Check Point Research (CPR) organization.
Check Point Exposure Management embeds real‑time threat intelligence directly into how exposures are prioritized and fixed.
By continuously correlating internal vulnerabilities, external attack surfaces, and live adversary activity from Deep and Dark Web monitoring and Check Point’s ThreatCloud AI, it highlights which weaknesses are actively exploited or most likely to be weaponized next.
The result is clear, intelligence‑backed prioritization, with security teams focusing remediation on critical exposures instead of chasing static CVE scores or endless alerts.
CPR is made up of over 150 researchers and analysts. This team also works closely with third parties, including other security vendors, various CERTs, and law enforcement.
CPR sources threat intelligence and other data from a variety of different locations. These include publicly accessible sources, Check Point’s ThreatCloud AI, external solutions and technologies provided by our service partners, and intelligence collected from the dark web.
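Internally, the security team has created custom machine learning modules, reverse engineering, anomaly detection, and campaign hunting techniques that help the company keep up with the evolving threat landscape.
Get a demo of Check Point Exposure Management’s Threat Intelligence Offering today.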
