by Benji Preminger

The third age of threat intelligence

This will come as no surprise to anyone reading this blog - AI is transforming the cybersecurity space, and threat intelligence specifically, much as it is revolutionizing every other sector it touches.

The ability of machines to learn and generate text is forcing us to re-think our approach to intelligence gathering and analysis, and what threat intelligence even means in this new age. This new, third age of threat intelligence (TI) is driven by AI, and its impact is being felt across the security industry.

The first age of threat intelligence - Discovering

Every analyst has their favorite old-school forum: the one source they started out with, which seemed to dominate all relevant and valuable underground chatter. It was a time of few, large sources, when you knew the threat actor names by heart and, with a handful of avatars, could master the domain of threat intelligence.

This first era of threat intelligence was a manual and nascent period where there were a limited number of intelligence sources. There were only so many forums and markets, and no activity beyond that. Telegram and other mass social media were not yet invented, and threat actors were reliant on the seeming anonymity of the dark web to avoid prosecution. This meant that threat intel analysts were few and far between. The job definition was unclear, and no tooling or best practices were available. It was a time when both threat actors and security professionals were discovering their own capabilities and those of their adversaries.

The second age of threat intelligence - Maturing

The second era (which is the most recent) saw the underground ecosystem explode in activity and variety. Consequently, dedicated threat intel roles were created, with accompanying tools and best practices. Threat intel solutions were mostly centered around access to data, with some analysis capability. In this age, automation was largely a result of either IOC feeds or integration work done via APIs.

The third age of threat intelligence - Transforming

The third era of threat intelligence, the AI-driven era, is where we see the real transformational power of generative AI. Advancements in AI allow us to step forth into a new age of TI, where the role requirements of TI analysts in some ways change, the tooling changes completely, and the ability to understand at scale and answer intel questions effectively is unlike anything before - faster, more efficient, and more accessible.

The underlying technology, the transformer, is key: it is a game-changer that allows us to create sophisticated machines that in some cases rival human intelligence. These machines are capable of augmenting and enhancing human efforts, and in some cases, replacing them altogether. The success of ChatGPT in introducing the consumer class to the powers of generative AI underscores the importance of this technology.

What’s next?

The impact of generative AI on the security industry is already being felt. With the ability to generate intelligence at scale, analysts can now focus on more strategic tasks, while machines take care of the mundane aspects of intelligence gathering and analysis. This allows security teams to be more proactive and better equipped to deal with emerging threats.

In conclusion, the rise of generative AI has ushered in a new age of threat intelligence, where machines and humans work in tandem to keep organizations secure. We are just scratching the surface of what is possible. As we look to the future, there is no doubt that generative AI will continue to play a significant role in shaping the world of threat intelligence.
