from this May, the “Information Security Technology—the Expression Model of
Network Security Threat Intelligence” drafted by the Chinese government was
available for professionals to give suggestions. Venustech was also invited to
take part in the drafting process. Such national standards will provide a better
environment for the development of threat intelligence in network security,
creating a more orderly development path.
defense and offence in terms of information security are not unlike the game of
chess—the one who takes the first move always has the edge to win. The illegal
offenders have always hidden in the dark and sought opportunities to strike,
while the defenders have to obstruct or repair after the incident. To turn the
table, one must defend in advance in order to make effective protection.
kind of technology named “threat intelligence” (TI) first caught the attention
of professionals in Chinese information security market in 2013. After that, TI
went popular in recent two years. TI can be divided into several categories,
such as TI on the phishing websites, TI on the botnets, and TI of C&C
remote control servers.
may have some misunderstandings about threat intelligence and vulnerability
intelligence, so here is the clarification:
vulnerability intelligence and threat intelligence belong to security
intelligence, which can be divided into security threat intelligence, security
vulnerability intelligence, security event intelligence, asset intelligence and
intelligence would assist enterprises or organizations in obtaining information from the potential offenders that may harm the entities, thus preparing them
with more effective protections in advance and making it easier to trace back
to the offenders.
are also differences between threat intelligence and vulnerability
intelligence. Vulnerability intelligence will help enterprises to understand
their internal status quo and conduct internal trouble shootings. While the
threat intelligence would help enterprises find the offenders’ attack address
and way of attacks.
a philosopher in ancient Greek, once pointed it out that what will never change
is the change itself. It can also be applied to the network security. The
attackers on the internet are always changing and upgrading. Lacking of forward
thinking, some enterprises are always at a disadvantage. In this case, threat
intelligence came to the rescue and turned the situation around, enabling
people make sound emergency responses instead of getting caught off guard by