Threat intelligence is a core component of a Zero Trust (ZT) architecture. ZT is a security concept and framework that assumes no network traffic is trusted by default and requires strong authentication and authorization. Threat intelligence can then be used to support the development and implementation of zero trust policies and controls.
Threat intelligence helps an organization identify and assess potential threats and risks to its systems and networks. It can be used to identify known threat actors and the tactics, techniques, and procedures (TTPs) they use, and it can surface emerging threats that have not been seen before. This information can then be used to enhance security controls so that they monitor more effectively for related suspicious activity within the network.
A simple example: an organization uses threat intelligence to identify a threat actor and the malware tools that actor uses, and feeds those indicators into its security controls so that the malware is detected and blocked before it enters the network.
Threat intelligence can also be used to educate and train employees on how to identify and respond to possible threats. In a ZT network environment all traffic is assumed to be untrusted, so employees are expected to watch for suspicious activity. ZT helps organizations understand and identify threats earlier, which in turn informs the development and deployment of more effective security controls.
In short, threat intelligence helps organizations understand the threats they are likely to face, and it informs the implementation of effective security controls.
Threat intelligence should be incorporated into a ZT architecture in a way that is scalable, automated, and well integrated with other security controls. Organizations should also establish a process to collect, analyze, and disseminate threat intelligence, and that process should be integrated with controls such as network segmentation and access control.
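The following is an added example, not code from the original page, showing how the two ideas above fit together in working form: the detect-and-block use of indicators (a threat actor's known IPs, domains and malware hashes) and the integration of threat intelligence with a zero trust access control decision. The threat intelligence feed, the actor name "ACTOR-EXAMPLE", the indicator values and the confidence threshold are all constructed for illustration; the policy decision point denies any request that lacks strong authentication or that matches a high-confidence indicator, and raises an alert (without blocking) on low-confidence matches so analysts can investigate.

```python
"""Added example: a small Zero Trust policy decision point that consumes
a (constructed) threat intelligence feed and evaluates access requests.
Not from the original page; all indicator values are placeholders."""
from dataclasses import dataclass, field
from typing import Optional
import ipaddress

# Constructed threat intelligence feed. "ACTOR-EXAMPLE" is a placeholder
# actor name; the IPs use documentation ranges and the hash is synthetic.
THREAT_INTEL_FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "actor": "ACTOR-EXAMPLE", "confidence": 90},
    {"type": "sha256", "value": "a" * 64, "actor": "ACTOR-EXAMPLE", "confidence": 95},
    {"type": "domain", "value": "update.example.invalid", "actor": "ACTOR-EXAMPLE", "confidence": 70},
    {"type": "ipv4_cidr", "value": "198.51.100.0/24", "actor": "ACTOR-EXAMPLE", "confidence": 60},
]

# Assumed policy: at or above this confidence a match denies the request;
# below it the match only produces an alert for the SOC.
MIN_CONFIDENCE = 75


@dataclass
class Request:
    user: str
    source_ip: str
    destination: str                     # hostname the user wants to reach
    file_sha256: Optional[str] = None    # hash of a transferred file, if any
    authenticated: bool = False
    mfa: bool = False


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)
    matched_indicators: list = field(default_factory=list)


class IndicatorSet:
    """Indexes feed entries by type so a request can be matched quickly."""

    def __init__(self, feed):
        self.ips = {i["value"]: i for i in feed if i["type"] == "ipv4"}
        self.hashes = {i["value"].lower(): i for i in feed if i["type"] == "sha256"}
        self.domains = {i["value"].lower(): i for i in feed if i["type"] == "domain"}
        self.cidrs = [(ipaddress.ip_network(i["value"]), i)
                      for i in feed if i["type"] == "ipv4_cidr"]

    def match(self, req):
        hits = []
        if req.source_ip in self.ips:
            hits.append(self.ips[req.source_ip])
        else:
            try:
                addr = ipaddress.ip_address(req.source_ip)
            except ValueError:
                addr = None   # unparseable source address: no IP match possible
            if addr is not None:
                hits.extend(ind for net, ind in self.cidrs if addr in net)
        dest = req.destination.lower()
        # A domain indicator matches the domain itself or any subdomain of it.
        hits.extend(ind for dom, ind in self.domains.items()
                    if dest == dom or dest.endswith("." + dom))
        if req.file_sha256 and req.file_sha256.lower() in self.hashes:
            hits.append(self.hashes[req.file_sha256.lower()])
        return hits


def evaluate(req, indicators):
    """Policy decision: strong authentication first, then threat intel."""
    decision = Decision(allow=True)
    # Zero Trust baseline: nothing is trusted by default, every request
    # must be authenticated with MFA before any other check matters.
    if not (req.authenticated and req.mfa):
        decision.allow = False
        decision.reasons.append("deny: strong authentication required")
    for ind in indicators.match(req):
        decision.matched_indicators.append(ind)
        if ind["confidence"] >= MIN_CONFIDENCE:
            decision.allow = False
            decision.reasons.append(
                f"deny: {ind['type']} {ind['value']} attributed to {ind['actor']}")
        else:
            decision.reasons.append(
                f"alert: low-confidence {ind['type']} {ind['value']} matched")
    return decision


if __name__ == "__main__":
    ind = IndicatorSet(THREAT_INTEL_FEED)
    # Constructed sample requests covering the main outcomes.
    for req in [
        Request("alice", "203.0.113.45", "intranet.corp.example", authenticated=True, mfa=True),
        Request("bob", "192.0.2.10", "intranet.corp.example", authenticated=True, mfa=True),
        Request("carol", "192.0.2.10", "cdn.update.example.invalid", authenticated=True, mfa=True),
        Request("dave", "192.0.2.10", "intranet.corp.example", authenticated=True, mfa=False),
    ]:
        d = evaluate(req, ind)
        print(req.user, "ALLOW" if d.allow else "DENY", d.reasons)
```

The split between deny and alert is the design choice worth noting: indicators carry a confidence score, and enforcing a block on every low-confidence match would generate false positives against legitimate traffic, so the policy point blocks only on high-confidence indicators and hands the rest to the detection pipeline as alerts. Subdomain matching on domain indicators is deliberate, since a single indicator for a command-and-control domain should also cover hosts beneath it.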