As threat environments grow more complex with the rise of generative AI and a commercialized cybercrime ecosystem, many organizations struggle to derive meaningful value from their cyberthreat intelligence programs. A new white paper from ISACA, "Building a Threat-Led Cybersecurity Program with Cyberthreat Intelligence," provides a practical blueprint for strengthening these programs and adopting a holistic, threat-led approach to improve operational impact.
ISACA releases a new guide for building effective, threat-led cybersecurity programs.
The resource addresses challenges like data overload and lack of automation.
It outlines a process for selecting and deploying a threat intelligence platform.
Key recommendations include automating credential prioritization and verification.
It suggests using Large Language Models (LLMs) to analyze dark web data.
The goal is to reduce mean time to detection and response through AI integration.
The white paper serves as a guide for practitioners at any maturity level, detailing steps to develop a threat model, establish priority intelligence requirements, and align intelligence outputs with enterprise risk management objectives. This foundational work is critical for moving from a reactive to a proactive security posture.
A core component of an effective program is the technology stack. ISACA's resource provides a structured approach for selecting a threat intelligence platform, regardless of budget. Key steps include capturing detailed intelligence requirements, engaging stakeholders across security and compliance teams, conducting a thorough vendor evaluation, and ensuring proper deployment with integrated automations and workflows.
Integrating AI into a threat intelligence program demands a cross-functional operating model. The white paper suggests four specific applications to enhance maturity and reduce the mean time to detection (MTTD) and mean time to response (MTTR):
Parsing of breached identities for prioritization: Apply automation to prioritize stealer logs that contain enterprise credentials, using rules-based detection that classifies each log by the relative risk of the domains and assets it references.
Large Language Model-Enabled Initial Access Broker (IAB) Analysis: Identify IAB posts and assist in processing and analyzing massive amounts of unstructured text data from the dark web, hacker forums, and other sources.
Breached Credential Verification and Remediation: Establish a relationship with a trusted threat intelligence provider to receive timely alerts when employee email addresses and credentials appear in criminal marketplaces or stealer logs.
IoC Feeds for Threat Hunting: Curate high-fidelity feeds that enhance detection capabilities without overwhelming analysts with false positives.
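The rules-based stealer-log prioritization in the first application above can be sketched as follows. This is an added example, not code from the ISACA white paper: the domains, risk weights, and the URL/Username/Password log layout are assumptions, and the sample logs are constructed.

```python
from urllib.parse import urlsplit

# Assumed rule set: enterprise domain -> relative risk (hypothetical values).
ASSET_RISK = {"vpn.example.com": 10, "sso.example.com": 10,
              "mail.example.com": 7, "example.com": 4}
CORP_EMAIL = "@example.com"      # assumed corporate e-mail suffix
EMAIL_BONUS, REUSE_SCORE = 3, 2  # corp identity on corp asset / on third-party site

# Constructed stealer-log excerpts (not real data), URL/Username/Password blocks.
SAMPLE_LOGS = {
    "log-A": "URL: https://vpn.example.com/login\nUsername: j.doe@example.com\n"
             "Password: [redacted]\n\nURL: https://shop.invalid/account\n"
             "Username: jd123\nPassword: [redacted]\n",
    "log-B": "URL: https://mail.example.com.login.invalid/owa\n"
             "Username: k.lee@example.com\nPassword: [redacted]\n",
    "log-C": "URL: https://forum.invalid/\nUsername: gamer42\nPassword: [redacted]\n",
    "log-D": "URL: https://wiki.example.com/\nUsername: asmith\nPassword: [redacted]\n",
}

def parse_entries(text):
    """Yield (host, username) for each credential block in one log."""
    host = None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "url":
            host = (urlsplit(value).hostname or "").lower()
        elif key == "username" and host is not None:
            yield host, value.lower()
            host = None

def asset_score(host):
    """Highest rule matching the host on a dot boundary; lookalike hosts score 0."""
    return max((s for d, s in ASSET_RISK.items()
                if host == d or host.endswith("." + d)), default=0)

def score_log(text):
    """Score a log by its single riskiest credential entry."""
    best = 0
    for host, user in parse_entries(text):
        score = asset_score(host)
        if user.endswith(CORP_EMAIL):
            score = score + EMAIL_BONUS if score else REUSE_SCORE
        best = max(best, score)
    return best

def prioritize(logs):
    """Return (log_id, score) pairs, highest risk first, dropping zero scores."""
    scored = ((name, score_log(text)) for name, text in logs.items())
    return sorted((p for p in scored if p[1] > 0), key=lambda p: -p[1])
```

Matching on a dot boundary keeps the lookalike host in log-B from being scored as the mail asset; it is ranked only for the corporate address it exposes.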
"An effective threat intelligence program is the cornerstone of a cybersecurity governance program. To put this in place, companies must implement controls to proactively detect emerging threats, as well as have an incident handling process that prioritizes incidents automatically based on feeds from different sources. This needs to be able to correlate a massive amount of data and provide automatic responses to enhance proactive actions," says Carlos Portuguez, Sr. Director BISO, Concentrix, and member of the ISACA Emerging Trends Working Group.
By adopting these AI-driven strategies and a structured approach to program development, organizations can overcome common challenges like data overload and skill gaps to build a more resilient and responsive cybersecurity operation.
About ISACA
For more than 55 years, ISACA® has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with more than 230 chapters worldwide, ISACA offers resources tailored to every stage of members’ careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.