- Improve the quality of the CTI shared in the community with:
  - Guidance documentation for producers and consumers
  - Training materials
  - Awareness about the potential options to refine threat intelligence
  - More efficient and complete techniques for gathering and encoding well contextualised threat intelligence
- Facilitate dialogue with experts from other fields to draw out insights that could improve CTI practices
- Explore the challenges that the consumers of CTI are facing, including:
  - Deficiencies in today’s threat intel
  - Impact of those deficiencies on their day to day work
- Reinforce our understanding of how to measure success in the CTI field and convert it from an overhead cost to a business enabler:
  - Success and challenges of the outcome of CTI ingestion
  - Metrics to evaluate and improve internal processes
What we’re trying to do
Our goal is to provide documentation and guidance, and to start dialogues with practitioners around all things threat intel, with a special focus on how to improve both the current practices and the quality of the data that is produced, for a wide range of target audiences. Our role in this process will be both to produce content and to reach out to and collaborate with peers from different organisations and sectors to improve the materials provided.
Another major aspect that is currently neglected is metrics on how the CTI we produce and ingest affects both our own and our constituencies’ security postures. We aim to collect and describe methodologies from various organisations that have already implemented metric-driven measures in their processes.
Who we’re trying to help
The project aims to improve the situation for two main groups, which often end up overlapping:
- Threat intel producers (threat intel producers, feed vendors, CSIRTs, etc)
- Threat intel consumers (SOCs, threat analysts, risk analysts, etc)
Who we’d like to work with
In order to approach the quality issues we face today, we collaborate not only with our two target audiences, but also with practitioners from other fields that deal with similar issues. Be it the medical, insurance, non-cyber threat intel or financial sectors, the issues that we each have to tackle often have overlapping solutions. We plan on involving experts from fields where the approach taken to such issues is often different or where the solutions are much better developed than in our own field.
How can you get involved?
Are you consuming CTI and fed up with deficiencies that make your life difficult? Tell us about them and how you would improve things!
Are you producing CTI? What do you find challenging about meeting consumer expectations? If you have well defined processes that work for you and are potentially reproducible by other practitioners, share them with us and the community!
Do you want to get started in the CTI field? Have a look at our resource material and blog posts.
Are you tackling similar issues in your own field? Have you dealt with data science problems that dwarf what we are facing in threat intelligence? Let us know what we can do to improve our obviously immature processes!
Visit the contact page for various ways to get in touch with us.