| The purpose of this capstone project was to examine Cyber Threat Intelligence (CTI), its role in cybersecurity operations, and challenges associated with it. This study included an examination of intelligence, the intelligence cycle, cyberspace intelligence analysis, as well as proactive and reactive cybersecurity supported through intelligence. This research was performed to demonstrate the importance of the proper application of traditional intelligence practices to CTI and to generate awareness of current challenges associated with using CTI for cybersecurity operations. The research questions presented were designed to identify characteristics of CTI and its significance in cybersecurity operations. Additionally, these research questions were aimed at identifying the important considerations cybersecurity professionals should understand when looking to acquire and implement CTI products and services. Through the literature review process, the traditional intelligence process is defined and an examination of current CTI products and services are identified. These products and services include threat intelligence data feeds, threat intelligence reports, analytical platforms, indicators of compromise, and much more. A review of current publications revealed that both consumers and vendors lack a complete understanding of what information is considered to be CTI, culminating in the acknowledgement that more research is needed in order to define CTI, its practical applications, and associated standards and best practices. More awareness for CTI and its benefits to cybersecurity through its inclusion in future published research is recommended. These inclusions will assist in educating cybersecurity practitioners on how to accurately utilize CTI in order to augment existing cybersecurity efforts. |
