How Cyber Threat Intelligence Has Evolved (And Where It's Headed)


By: Artem Karasev
Senior Product Marketing Manager, Kaspersky

To understand the increasingly important role threat intelligence will fulfill in a proactive cybersecurity future, it helps to take a closer look at how it has evolved over two decades.

Early Threat Intel
The early 2000's saw the development of IP and URL blacklists. These were, in hindsight, the precursors of threat Intelligence, although the concept of threat intelligence was not yet formulated. From 2010 onwards, the explosion of the dark web and malign activities exposed the limitations of these security controls. During the next years it became apparent these tools alone would not be effective at identifying and processing tens of millions (and increasing) highly customized malicious domains, IPs and other threats.

The Machines and the Humans
Cybersecurity vendors responded by harnessing machine learning and AI to automate and correlate data on an unprecedented scale. They put in place millions of sensors and their data feeds collected massive amounts of information which was analyzed and processed by increasingly sophisticated big data tools. Automated systems began to be utilized to perform complex detection covering all attack surfaces.

2015 saw the next stage in the evolution of TI: the realization of the vital role of human intelligence in delivering threat intelligence. Security experts were increasingly deployed not only to oversee intelligence collection in a manner that reduced false positives, improved visibility and enabled rapid detection.

An industry Matures
Starting in 2018, the threat intelligence industry expanded significantly with hundreds of new cybersecurity companies entering the market, offering specific and targeted services focusing on the quality of the data sources with the aim of providing relevant guidelines for decisions and actions.

By 2019, a standard of threat intelligence had been formulated and accepted: multiple sources providing relevant, targeted data converted into immediately actionable intelligence and integrated into an organization's security operations.

What Happens Next?
The threat intelligence market is both maturing and expanding in market size, estimated by leading research company MarketsandMarkets to reach 12.9 billion USD by 2023. Organizations of all sizes are now actively deploying threat intelligence as part of their cybersecurity apparatus. Cybersecurity vendors are already integrating their products and services with those of other vendors to offer comprehensive threat intelligence packages. Sharing best practices will be the new norm leading to better prepared defenses against rising threats.

Predictions for 2020 and Beyond:

  • The industry will transition to proactive cybersecurity with collaboration taking center stage.
  • The security team role will expand—as will its reach within an organization.
  • Security team intel will not only protect, but also shape goals, risk planning and budgets.
  • Businesses will turn to threat intelligence early to predict and prevent cyberattack and risk.

Read More Articles Like this »

Sustaining Partners