From Intelligence gathering to Cyber Threat Detection

Intelligence plays a key role in the detection and neutralisation of threat actors in cyberspace, particularly when dealing with advanced ones. However, the relationship between intelligence and the final detection capabilities is not well–defined in most cases. Even the role of information gathering disciplines, which are the basis of intelligence and therefore of cyber intelligence, is confusing and not consensual between authors. In this work we contextualize intelligence gathering disciplines in the cyber intelligence arena. We discuss the role of all of these disciplines in the characterization of advanced threat actors, from the strategic to the tactical views. Once characterization has been performed, we analyse the detection capabilities that intelligence provides, in the form of indicators of compromise, both low–level and behavioural ones. Following this approach, in this work we are defining the road from initial intelligence gathering to threat detection.