Intel 471 makes industry-leading announcements at Black Hat USA 2024

Aug 20, 2024

With another successful Black Hat event behind us, the Intel 471 Team is delighted to share some key insights we learned in discussions with customers, security industry professionals, and partners about trends in cyber threat intelligence (CTI), threat hunting sophisticated adversaries, AI and the nexus between geopolitics and the digital threat environment.

But first, Intel 471 made two groundbreaking announcements at Black Hat that drive innovation in cybersecurity and elevate CTI practices across the industry.

  • We released Cyber Geopolitical Intelligence, available as a new intelligence domain on our TITAN platform, which delivers insights and analysis of political activity and significant regional events, including in China, Iran and Russia, with a special focus on changes that impact the cyber threat environment.

  • We shared news of our support for the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), an initiative that we sponsored and led the development of with 27 CTI expert peers from the end-user and vendor communities. The CTI-CMM is an easy-to-use, vendor-neutral model that promotes a “stakeholder-first” approach to building a mature CTI program. It also provides a framework for organizations to evaluate CTI maturity and make continuous CTI-led improvements to security programs. Learn more at cti-cmm.org.

Some of our observations from Black Hat 2024:

  1. Converged CTI and threat hunting is the future
    More organizations are integrating threat hunting and CTI practices, not only to hunt down threats inside the network but also to continually improve security posture and visibility in security log data. Intel 471 set the standard for intelligence-driven threat hunting to help hunt teams identify and remove threats inside the network before they manifest into more harmful incidents. These hunts depend on accurate, timely, and credible intelligence on threat actor TTPs, critical vulnerabilities, and behavioral malware analysis to identify threats that may be missed by signature-based methods.

  2. Threat hunters need content and tools to drive efficiency
    Threat hunting teams need continually updated threat hunt content to run queries on logging data as well as the tools to emulate and validate threats in their environment. This helps them avoid wasting time on false positives or red herrings like actively exploited but already-remediated vulnerabilities, noisy indicators, and outdated TTPs. Importantly, it also enables customers to respond and react quickly to the ever-changing threat landscape.

  3. Threat hunt methodologies matter
    Threat hunting is different to threat detection engineering. Security teams are aware of important differences in threat hunt methodologies that separate Intel 471’s behavioral threat hunting from competitors that claim to offer automated intelligence-driven threat hunting. Threat hunting that improves business outcomes and security posture requires deep expertise and human analysis of evolving TTPs and malicious behaviors in the context of their environment and security tooling. This cannot be wholly automated despite what some competitors claim.

  4. The jury is still out on AI in security
    People and organizations are still divided over how AI can solve security challenges; this will continue in 2024, and 2025 will start to see more definitive solutions in this space.

  5. CTI needs to support all stakeholders’ risk reduction goals
    There is genuine excitement in the security industry among CTI practitioners and vendors about how the CTI-CMM can lift threat intelligence programs and drive robust cybersecurity. The industry-developed, Intel 471-led CTI-CMM promotes a “stakeholder-first” approach to ensure that management, security operations, and incident response have appropriate strategic, operational, and tactical intelligence to achieve their distinct goals in proactive defense and risk reduction.

  6. Geopolitics is central to cybersecurity strategy
    European, UK and U.S. businesses are acutely aware that geopolitical events, such as regional conflict, changes in political leadership, international policy, and trade disputes, influence the cyber threat landscape.

  7. Leaders need intelligence that connects geopolitics to the digital threat environment
    There is a real need for cyber geopolitical intelligence that truly focuses on the cyber impact of geopolitical events. While there is an abundance of geopolitical intelligence, what security and business leaders say is that they lack the contextual analysis and reporting that connects significant political events to emerging cyber threats relevant to their assets and supply chains.

The massive interest by attendees at Black Hat 2024 in intelligence-driven behavioral threat hunting showed us that we’ve created converged threat-hunting and CTI solutions that truly help customers operationalize CTI to remove advanced threats, reduce their attack surface, improve security posture, and reduce cyber risks. The reception by existing TITAN customers to the launch of Cyber Geopolitical Intelligence, with its true focus on the nexus between geopolitics and cyber threats, indicated this is a vital capability that they have not been able to acquire elsewhere. It builds on Intel 471’s leadership in CTI with geopolitical intelligence experts with deep in-country expertise and local language skills that enable unmatched intelligence sourcing. Finally, conversations with customers, partners and the industry at Black Hat 2024 validated that Intel 471’s efforts to improve CTI, the industry as a whole, and all stakeholders are being embraced as the right approach to drive robust cybersecurity programs, help organizations stay ahead of evolving threats, and meet new cybersecurity regulatory compliance obligations.