by Benji Preminger

The third age of threat intelligence

This will come as no surprise to anyone reading this blog - AI is transforming the cybersecurity space, and threat intelligence specifically, much as it is revolutionizing every other sector it touches.

The ability of machines to learn and generate text is forcing us to rethink our approach to intelligence gathering and analysis, and what threat intelligence even means in this new age. This new, third age of threat intelligence (TI) is driven by AI, and its impact is being felt across the security industry.

The first age of threat intelligence - Discovering

Every analyst has their favorite old-school forum: the one source they started out with, which seemed to dominate all relevant and valuable underground chatter. It was a time of few, large sources, where you knew the threat actor names by heart and, with a handful of avatars, could master the domain of threat intelligence.

This first era of threat intelligence was a manual and nascent period where there were a limited number of intelligence sources. There were only so many forums and markets, and no activity beyond that. Telegram and other mass social media were not yet invented, and threat actors were reliant on the seeming anonymity of the dark web to avoid prosecution. This meant that threat intel analysts were few and far between. The job definition was unclear, and no tooling or best practices were available. It was a time when both threat actors and security professionals were discovering their own capabilities and those of their adversaries.

The second age of threat intelligence - Maturing

The second era (which is the most recent) saw the underground ecosystem explode in activity and variety. Consequently, dedicated threat intel roles were created, with accompanying tools and best practices. Threat intel solutions were mostly centered around access to data, with some analysis capability. In this age, automation was mostly the result of either IOC feeds or integration work done via APIs.

The third age of threat intelligence - Transforming

The third era of threat intelligence, the AI-driven era, is where we see the real transformational power of generative AI. Advancements in AI allow us to step forth into a new age of TI, where the role requirements of TI analysts in some ways change, the tooling changes completely, and the ability to understand at scale and answer intel questions effectively is unlike anything before - faster, more efficient, and more accessible.

The underlying technology, the transformer, is key: it is a game-changer that allows us to create sophisticated machines that in some cases rival human intelligence. These machines are capable of augmenting and enhancing human efforts, and in some cases, replacing them altogether. The success of ChatGPT in introducing the consumer class to the powers of generative AI underscores the importance of this technology.

What’s next?

The impact of generative AI on the security industry is already being felt. With the ability to generate intelligence at scale, analysts can now focus on more strategic tasks, while machines take care of the mundane aspects of intelligence gathering and analysis. This allows security teams to be more proactive and better equipped to deal with emerging threats.

In conclusion, the rise of generative AI has ushered in a new age of threat intelligence, where machines and humans work in tandem to keep organizations secure. We are just scratching the surface of what is possible. As we look to the future, there is no doubt that generative AI will continue to play a significant role in shaping the world of threat intelligence.
