Function of cloud threat intelligence

Security threat intelligence provides context and actionable insights on active attacks and potential threats to enable decision making by security teams, technical teams, and organizational leaders.

Modernization

Threat intelligence teams are emerging and evolving to meet the needs of the security operations center (SOC) and others managing security risk for the organization.

These teams should focus on on a strategy that includes:

  • Strategic threat intelligence tailored to executive audiences increases awareness of cybersecurity risk, funding requirements, and supports sound risk decision making by organizational leadership.
  • Incremental program growth to provide quick wins with direct incident support and evolving into a threat intelligence platform to track and inform stakeholders.
  • Tactical and operational threat intelligence to guide decision making during incident investigation and threat detections.

Team composition and key relationships

Cloud threat intelligence is commonly provided by the following types of roles.

  • Security posture management
  • Organizational executive leadership
  • Key business leaders or their representatives
  • Security architecture and operations
  • IT architecture and operations
  • Risk management teams

Next steps

Review the function of cloud security posture management.