{"id":77518,"date":"2022-07-19T09:29:33","date_gmt":"2022-07-19T09:29:33","guid":{"rendered":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/?p=77518"},"modified":"2023-11-20T10:25:36","modified_gmt":"2023-11-20T10:25:36","slug":"organization-threat-intelligence-siem-soar","status":"publish","type":"post","link":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/","title":{"rendered":"Why Organizations Need to Deliberately Adopt Threat Intelligence"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"77518\" class=\"elementor elementor-77518\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2cd966c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2cd966c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-64f6bb3\" data-id=\"64f6bb3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ae18f3c elementor-widget elementor-widget-text-editor\" data-id=\"ae18f3c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Every organization will, one way or another, land on the radar of cybercriminals or hackers who have an incentive to compromise their systems.&nbsp;<a href=\"https:\/\/test1.eccouncil.org\/cybersecurity\/what-is-cyber-threat-intelligence\/\" target=\"_blank\" rel=\"noopener\">Threat intelligence<\/a>&nbsp;has therefore become a top priority for many organizations around 
the world.<\/p>\n<p>Some of the top security challenges organizations have faced over the last few years include:<\/p>\n<ul>\n<li>Identifying the right frameworks to implement<\/li>\n<li>Choosing from varying vendor solutions to fill gaps in technology<\/li>\n<li>Mitigating supply chain risks<\/li>\n<li>Managing vulnerabilities and patches<\/li>\n<li>Addressing insufficient skill sets within cybersecurity teams<\/li>\n<li>Handling inadequate threat intelligence and visibility<\/li>\n<li>Securing third-party engagement and integration<\/li>\n<li>Promoting general awareness of cyber resilience among staff<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-40d2cd1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"40d2cd1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div 
class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3926363\" data-id=\"3926363\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f4b6851 elementor-widget elementor-widget-text-editor\" data-id=\"f4b6851\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Cybersecurity: A Growing Concern in Digital Transformations<\/h2><p>The COVID-19 pandemic prompted a number of mindset shifts. Many organizations started moving to the cloud, and others started to activate digital transformation playbooks that had been shelved for many years.<\/p><p>Organizations that did not think the time would ever come for remote work had to activate many work-from-home programs. Affected businesses ranged from small and medium-sized enterprises to large corporations that had to rework their entire security fabrics to stay resilient as attacks rose.<\/p><h2>The Limitations of Existing Cybersecurity Solutions<\/h2><p>Top-tier companies are continuously buying new solutions in hopes of solving contemporaneous<a href=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/threat-intelligence-critical-types-cyberthreats\/\"> security issues that arise<\/a>. These include antimalware and data loss prevention software; upgrades to firewalls, routers, and switches; network access control solutions; data and network monitoring software; and many more.<\/p><p>However, the above solutions often do not communicate with each other after implementation, which creates challenges when it comes to decision making. 
This leads to an increase in risks to the organization.<\/p><p>An antimalware solution, for instance, might be able to detect malware, but it may not work with the organization\u2019s network and access control solutions to isolate the infected machine or the organization\u2019s firewall to block the IP address of the threat actor. Instead, organizations must rely on manual intervention, meaning that actualizing mitigation controls can take a great deal of time.<\/p><p>Take, for example, a financial institution. The sensitive data it handles might include:<\/p><ul><li>Client lists<\/li><li>Customer credit card information<\/li><li>The company\u2019s banking details<\/li><li>Pricing structures for various services<\/li><li>Future product designs<\/li><li>The organization\u2019s expansion plans<\/li><\/ul><p>The impacts of a security incident on that financial organization can include:<\/p><ul><li>Financial losses resulting from theft of banking information<\/li><li>Financial losses resulting from business disruption<\/li><li>High costs associated with ridding the network of threats<\/li><li>Damage to reputation after telling customers their information was compromised<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fdc8113 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fdc8113\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e1bb031\" data-id=\"e1bb031\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-122cb41 
elementor-widget elementor-widget-text-editor\" data-id=\"122cb41\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><em><strong>&#8220;You can get cybersecurity right 99% of the time, but adversaries only need to exploit the 1% to cause tremendous damage.&#8221;<\/strong><\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fa261ce elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fa261ce\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-90a3cad\" data-id=\"90a3cad\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1eaa14e elementor-widget elementor-widget-text-editor\" data-id=\"1eaa14e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>The Evolution of Cybersecurity Models<\/h2><p>The focus of cybersecurity when it comes to protecting business operations has shifted from the traditional risk management approach, which relies on perimeter and static assessment through grading on the Common Vulnerabilities and Exposures (CVE) system, to a\u00a0<a href=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/what-is-threat-modeling-skills-tools\/\" target=\"_blank\" rel=\"noopener\">framework of predictive threat intelligence<\/a>, agile posture, and dynamic 
controls.<\/p><p>The deciding factor in whether an organization will be able to get back up and running after a security incident is its ability to recover very easily. This is directly proportional to operational readiness and time.<\/p><p>Historically, the definition of security has centered around the concepts of protection, detection, and response. Resilience, on the other hand, involves two other elements: identification and recovery. Being able to identify potential risks and plan out a recovery method is key to maintaining operational status as a business.<\/p><h2>Comparing Security Software Solutions<\/h2><h3>Security Information and Event Management (SIEM)<\/h3><p>Every modern-day organization should have a security information and event management (SIEM) tool. SIEM software can be either proprietary or open source, depending on the company\u2019s budget and needs.<\/p><p>SIEM tools have several core functionalities, in addition to many other crucial capabilities:<\/p><ul><li>Correlating logs<\/li><li>Analyzing user behavior<\/li><li>Performing forensics<\/li><li>Monitoring file integrity<\/li><li>Providing a dashboard for analyzing incidents<\/li><\/ul><p>Incident responders may receive thousands of alerts each day from all devices connected to their organization\u2019s SIEM solution. As a result, they often spend a large portion of their time engaged in detection, triage, and investigation.<\/p><p>A typical example could be seen in the case of a malicious IP scanning a target network. The analyst has to filter out false positives, analyze the details of the IP address (such as origin and reputation), and send the details to the firewall to block the IP based on that analysis.<\/p><p>The response time required to investigate alerts and filter out false positives reduces analysts\u2019 productivity, leaving room for attackers to succeed in a potential threat scenario. 
Post-incident analysis of past breaches often finds that the SIEM detection time and the steps taken by analysts are predictive of the actions performed by various parties.<\/p><h3>Security Orchestration Automation and Response (SOAR)<\/h3><p>Security orchestration automation and response (SOAR) solutions came into play to solve the above challenge. SOAR systems detect, triage, respond, and prioritize throughout the full chain of threat intelligence.<\/p><p>Consider, for instance, a malware indicator of compromise in a network of about 200 endpoints. While a SIEM will be able to pick it up, investigating how many other machines are similarly affected and making decisions about whether to isolate them from the network usually has to be done manually.<\/p><p>Likewise, sending the malicious IP address that is acting as the malware\u2019s command-and-control server to be blocked by the firewall is a further step. A SOAR solution automates all these processes by investigating and taking necessary action before sending an alert to the analyst, prompting them to examine the situation further.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c43e362 elementor-widget elementor-widget-image\" data-id=\"c43e362\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"697\" height=\"426\" src=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/Organization-Level-Threat-Intelligence-Tips-for-Success.png\" class=\"attachment-large size-large wp-image-77520\" alt=\"Organization-Level Threat Intelligence Tips for Success\" srcset=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/Organization-Level-Threat-Intelligence-Tips-for-Success.png 697w, 
https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/Organization-Level-Threat-Intelligence-Tips-for-Success-300x183.png 300w\" sizes=\"(max-width: 697px) 100vw, 697px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2262aa7 elementor-widget elementor-widget-text-editor\" data-id=\"2262aa7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Despite being misconstrued as a \u201cplug-and-play\u201d solution by many security personnel, SOAR platforms are still new technologies and are not yet capable of acting fully automatically. SOAR technology is not meant to replace all solutions in an organization. Instead, it enables security teams to make smart decisions in time to curb adversaries\u2019 actions.<\/p><p>SOAR software works following a series of actions, known as a playbook, that is written by analysts and fine-tuned to fit the organization\u2019s network and existing solutions. The process of writing a playbook can only be done by developing use cases as a continuous process.<\/p><p>Threat intelligence has various measures of success when a holistic viewpoint is taken that encompasses not only technology solutions but also the human element, especially<a href=\"https:\/\/test1.eccouncil.org\/train-certify\/certified-threat-intelligence-analyst-ctia\/\" target=\"_blank\" rel=\"noopener\"> threat intelligence analysts<\/a>. 
An organization\u2019s\u00a0<a href=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/why-pursue-career-cyber-threat-intelligence\/\" target=\"_blank\" rel=\"noopener\">threat intelligence analysts<\/a>\u00a0consolidate all the architecture of collection, correlation, decision making, and post-implementation tactics to avoid future potential breaches.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-19f9503 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"19f9503\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9acd9d7\" data-id=\"9acd9d7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0af8bb1 elementor-widget elementor-widget-text-editor\" data-id=\"0af8bb1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>How to Measure the Success of a Threat Intelligence Program<\/h2>\n<p>The table below provides a sample summary of key performance indicators, associated metrics, and possible success measurements.<\/p>\n<table>\n<tbody>\n<tr>\n<th>Key Performance Indicator<\/th>\n<th>Metric<\/th>\n<th>Possible Measurements<\/th>\n<\/tr>\n<tr valign=\"top\">\n<td>Workload<\/td>\n<td>\n<ul>\n<li>Total number of devices being monitored<\/li>\n<li>Total number of events<\/li>\n<li>Number of tickets assigned<\/li>\n<\/ul>\n<\/td>\n<td>\n<ul>\n<li>Number of devices<\/li>\n<li>Number of 
devices per analyst<\/li>\n<li>Number of events per analyst per day<\/li>\n<li>Proportion of assigned to unassigned tickets<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>Detection success<\/td>\n<td>\n<ul>\n<li>Number of events per device or application<\/li>\n<li>Mean time to detection<\/li>\n<li>Amount of false positives<\/li>\n<\/ul>\n<\/td>\n<td>\n<ul>\n<li>Number of events per device per day or month<\/li>\n<li>Number of events per application per day or month<\/li>\n<li>Number of false positives per day<\/li>\n<li>Time to detect (in hours, days, or months)<\/li>\n<li>False positives as a percentage of all alerts<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>Analyst skill<\/td>\n<td>\n<ul>\n<li>Time to resolution<\/li>\n<li>Event types resolved<\/li>\n<\/ul><\/td>\n<td>\n<ul>\n<li>Average time to identify<\/li>\n<li>Average time to identify per technology<\/li>\n<li>Average time to identify per event type<\/li>\n<li>All event types resolved by analyst<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>Key risks<\/td>\n<td><ul>\n<li>Number of events per application<\/li>\n<li>Number of events per user or account<\/li>\n<li>Number of events per device<\/li>\n<li>Vulnerabilities detected<\/li>\n<\/ul><\/td>\n<td><ul>\n<li>Number of events generated by application<\/li>\n<li>Number of events per user or account<\/li>\n<li>Number of events per device<\/li>\n<li>Vulnerabilities detected by vulnerability management tools<\/li>\n<\/ul><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5926321 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5926321\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div 
class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0adae24\" data-id=\"0adae24\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-da36fb1 elementor-widget elementor-widget-text-editor\" data-id=\"da36fb1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Why Successful Threat Intelligence Requires Management Support<\/h2>\n<p>An organization\u2019s threat intelligence program can never be a success if there is no support from senior management. The involvement of key stakeholders, especially C-suite executives and the board of directors, can lead to risk reduction or even elimination in any organization.<\/p>\n<p>The catalyst for achieving management buy-in is cybersecurity leaders who can communicate key requirements, as well as potential business risks if certain actions are not taken. This responsibility is shared by the<a href=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/executive-management\/how-to-become-ciso\/\" target=\"_blank\"> chief information security officer<\/a>, chief information officer, and risk information officer. Together, these three stakeholders\u2019 insights can help ensure a secure and resilient organization.<\/p>\n<p>\u2014<\/p>\n<p><em><strong>Bright G. Mawudor, Ph.D.<\/strong><span style=\"vertical-align: inherit;\">, is chief technology officer at Xetova and the founder of the cybersecurity collective Africa Hackon, the first-ever live demonstration cybersecurity conference in east and central Africa. He holds a doctorate in IT convergence and application engineering with a focus on information security from Pukyong National University, South Korea.<\/span><\/em><\/p>\n<p><em>Dr. 
Mawudor has over 10 years of experience in the cybersecurity industry, with strong expertise in cybersecurity strategy building, resilience, and system penetration testing. Technically proficient and skilled in cybersecurity, he is a team player and outstanding leader who has successfully implemented IT security systems to curb and mitigate risk.<\/em><\/p>\n<p><em>In addition to presenting at over 150 cybersecurity conferences, Dr. Mawudor has been recognized by Tribe of Hackers Blue Team 2020, was named one of Kenya\u2019s Top 40 Under 40 by Business Daily, and has led cybersecurity projects at Dimension Data, Cellulant, and Ushahidi.<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7a8886c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7a8886c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e60ea8b\" data-id=\"e60ea8b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a091f67 elementor-widget elementor-widget-text-editor\" data-id=\"a091f67\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>Reference:<\/strong>\n<p>Gartner (November 2017) ID: 338719<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Every organization will, one way or another, land on the 
radar of cybercriminals or hackers who have an incentive to compromise their systems.&nbsp;Threat intelligence&nbsp;has therefore become a top priority for many organizations around the world. Some of the top security challenges organizations have faced over the last few years include: Identifying the right frameworks to&hellip;<\/p>\n","protected":false},"author":33,"featured_media":80940,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_eb_attr":"","footnotes":""},"categories":[12226],"tags":[],"class_list":{"0":"post-77518","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.13 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Cyber Threat Intelligence in Organizations<\/title>\n<meta name=\"description\" content=\"Learn why cyber security threat intelligence is required to be adopted by organizations for cyber threat analysis.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why Organizations Need to Deliberately Adopt Threat Intelligence\" \/>\n<meta property=\"og:description\" content=\"Learn why cyber security threat intelligence is required to be adopted by organizations for cyber threat analysis.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/\" \/>\n<meta property=\"og:site_name\" 
content=\"Cybersecurity Exchange\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-19T09:29:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-20T10:25:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/organization-threat-intelligence-siem-soar-imgs-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"521\" \/>\n\t<meta property=\"og:image:height\" content=\"521\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"EC-Council\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"EC-Council\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/\"},\"author\":{\"name\":\"EC-Council\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/person\\\/10d534ff5660436a0efe90fea66ce5fd\"},\"headline\":\"Why Organizations Need to Deliberately Adopt Threat 
Intelligence\",\"datePublished\":\"2022-07-19T09:29:33+00:00\",\"dateModified\":\"2023-11-20T10:25:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/\"},\"wordCount\":1527,\"publisher\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/organization-threat-intelligence-siem-soar-thumb.jpg\",\"articleSection\":[\"Threat Intelligence\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/\",\"url\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/\",\"name\":\"Cyber Threat Intelligence in Organizations\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/organization-threat-intelligence-siem-soar-thumb.jpg\",\"datePublished\":\"2022-07-19T09:29:33+00:00\",\"dateModified\":\"2023-11-20T10:25:36+00:00\",\"description\":\"Learn why cyber security threat intelligence is required to be adopted by 
organizations for cyber threat analysis.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/#primaryimage\",\"url\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/organization-threat-intelligence-siem-soar-thumb.jpg\",\"contentUrl\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/organization-threat-intelligence-siem-soar-thumb.jpg\",\"width\":521,\"height\":521,\"caption\":\"Threat Intelligence\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/threat-intelligence\\\/organization-threat-intelligence-siem-soar\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/test1.eccouncil.org\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Exchange\",\"item\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Threat Intelligence\",\"item\":\"https:\\\/\\\/test1.eccouncil.org\\\/cybersecurity-exchange\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Why Organizations Need to Deliberately Adopt Threat 
Intelligence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#website\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/\",\"name\":\"Cybersecurity Exchange\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\",\"name\":\"Cybersecurity Exchange\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Cybersecurity Exchange\"},\"image\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/person\\\/10d534ff5660436a0efe90fea66ce5fd\",\"name\":\"EC-Council\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Cyber Threat Intelligence in Organizations","description":"Learn why cyber security threat intelligence is required to be adopted by organizations for cyber threat analysis.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/","og_locale":"en_US","og_type":"article","og_title":"Why Organizations Need to Deliberately Adopt Threat Intelligence","og_description":"Learn why cyber security threat intelligence is required to be adopted by organizations for cyber threat analysis.","og_url":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/","og_site_name":"Cybersecurity Exchange","article_published_time":"2022-07-19T09:29:33+00:00","article_modified_time":"2023-11-20T10:25:36+00:00","og_image":[{"width":521,"height":521,"url":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/organization-threat-intelligence-siem-soar-imgs-1.jpg","type":"image\/jpeg"}],"author":"EC-Council","twitter_card":"summary_large_image","twitter_misc":{"Written by":"EC-Council","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/#article","isPartOf":{"@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/"},"author":{"name":"EC-Council","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/person\/10d534ff5660436a0efe90fea66ce5fd"},"headline":"Why Organizations Need to Deliberately Adopt Threat Intelligence","datePublished":"2022-07-19T09:29:33+00:00","dateModified":"2023-11-20T10:25:36+00:00","mainEntityOfPage":{"@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/"},"wordCount":1527,"publisher":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization"},"image":{"@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/#primaryimage"},"thumbnailUrl":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/organization-threat-intelligence-siem-soar-thumb.jpg","articleSection":["Threat Intelligence"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/","url":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/","name":"Cyber Threat Intelligence in 
Organizations","isPartOf":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#website"},"primaryImageOfPage":{"@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/#primaryimage"},"image":{"@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/#primaryimage"},"thumbnailUrl":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/organization-threat-intelligence-siem-soar-thumb.jpg","datePublished":"2022-07-19T09:29:33+00:00","dateModified":"2023-11-20T10:25:36+00:00","description":"Learn why cyber security threat intelligence is required to be adopted by organizations for cyber threat analysis.","breadcrumb":{"@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/#primaryimage","url":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/organization-threat-intelligence-siem-soar-thumb.jpg","contentUrl":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2022\/07\/organization-threat-intelligence-siem-soar-thumb.jpg","width":521,"height":521,"caption":"Threat 
Intelligence"},{"@type":"BreadcrumbList","@id":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/threat-intelligence\/organization-threat-intelligence-siem-soar\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/test1.eccouncil.org\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Exchange","item":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/"},{"@type":"ListItem","position":3,"name":"Threat Intelligence","item":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/category\/threat-intelligence\/"},{"@type":"ListItem","position":4,"name":"Why Organizations Need to Deliberately Adopt Threat Intelligence"}]},{"@type":"WebSite","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#website","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/","name":"Cybersecurity Exchange","description":"","publisher":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization","name":"Cybersecurity Exchange","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/logo\/image\/","url":"","contentUrl":"","caption":"Cybersecurity 
Exchange"},"image":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/person\/10d534ff5660436a0efe90fea66ce5fd","name":"EC-Council"}]}},"_links":{"self":[{"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts\/77518","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/comments?post=77518"}],"version-history":[{"count":0,"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts\/77518\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/media\/80940"}],"wp:attachment":[{"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/media?parent=77518"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/categories?post=77518"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/test1.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/tags?post=77518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}