Home > Design Patterns > Threat Intelligence Processing

Threat Intelligence Processing (Cope, Erl)

How can actionable threat indicators be generated to detect threats and prevent cloud vulnerability exploits?

Threat Intelligence Processing

Problem

Organizations are not normally able to take advantage of the large volume of available threat data that can provide indications of the kind of attacks to expect and where they can originate. This can result in missed opportunities to detect hidden security vulnerabilities and prevent them from being exploited.

Solution

Incorporating a threat intelligence system into the cloud security architecture allows organizations to forecast attacks, alert administrators and cloud consumers, and utilize the intelligence to prevent and defend against future attacks.

Application

A threat intelligence system is implemented to receive and process external intelligence feeds, as well as intelligence gained from analyzing attacks internally, to automatically queue security systems such as security information and event management systems (SIEMs), network forensics monitor (NFM), endpoint threat detection and response systems (ETDRs) and intrusion detection and protections systems (IDPSs), and also to alert cloud administrators and consumers.
Threat Intelligence Processing: An example of a typical threat intelligence analysis architecture.

An example of a typical threat intelligence analysis architecture.