Function of cloud threat intelligence
Security threat intelligence provides context and actionable insights on active attacks and potential threats to enable decision making by security teams, technical teams, and organizational leaders.
Threat intelligence teams are emerging and evolving to meet the needs of the security operations center (SOC) and others managing security risk for the organization.
These teams should focus on a strategy that includes:
- Strategic threat intelligence tailored to executive audiences increases awareness of cybersecurity risk, funding requirements, and supports sound risk decision making by organizational leadership.
- Incremental program growth to provide quick wins with direct incident support and evolving into a threat intelligence platform to track and inform stakeholders.
- Tactical and operational threat intelligence to guide decision making during incident investigation and threat detections.
Team composition and key relationships
Cloud threat intelligence is commonly provided by the following types of roles.
- Security posture management
- Organizational executive leadership
- Key business leaders or their representatives
- Security architecture and operations
- IT architecture and operations
- Risk management teams
Review the function of cloud security posture management.