On-the-fly enrichment with CTI (cyber threat intelligence) during data investigation is now possible with Malizen. Implementing this new feature led us to ask ourselves some questions about CTI.
Which information should we consider and show to users? Where should we look for it? What level of detail is needed during an investigation and/or in a report? How do we guarantee the quality of that information for users?
To illustrate our considerations, we found this article which, in our opinion, sums up quite well how the field is still emerging. The paper reviews the existing research related to CTI. It also identifies current CTI products and services, including threat intelligence data feeds, threat intelligence standards, and the tools used in CTI. Based on its review of CTI definitions, standards and tools, the paper identifies the current challenges: threat data overload, threat data quality, privacy and legal issues, and interoperability between threat-sharing peers.
In short, enough to do a little more R&D on the subject for the next few years!