Classifying Analysts: Intelligence Producers and Intelligence Consumers
The disciplines of swordsmith and swordsman have been intrinsically linked since the dawn of war. The swordsmith who crafted the sword is using a different skillset than the swordsman who wields the sword. In this same way, intelligence analysts come in two broad categories: intelligence producers and intelligence consumers.
The intelligence producer, like the swordsmith, works across the following three stages of the intelligence cycle: Collection, Processing & Exploitation, and Analysis & Production. The intelligence consumer, like the swordsman who handles the sword, works in the stages of Analysis & Production, and Dissemination & Integration.
Intelligence producers take raw data and build intelligence around that data like a swordsmith uses iron and coal to craft a sword. These intelligence producers make connections across disparate datasets to form intelligence. Intelligence consumers gather intelligence from many sources and make decisions as to the relevance of the intelligence to their organization. In this way, intelligence consumers are like swordsmen who take the weapon from the swordsmith and put it to use to achieve their objectives. It is their duty to ensure the intelligence is digested in a timely and meaningful manner.
While some analysts can act as both intelligence producers and consumers, it is most common for these two skillsets to be found in different analysts. In the same way that both the swordsmith and the swordsman are critical to the defense of a kingdom, both intelligence producers and consumers are critical to the defense of an organization. In the ThreatConnect platform, these two disciplines of analyst can work together to aggregate data from inside and outside their organization, analyze this data to create meaningful intelligence, and take appropriate action on that intelligence.
When leveraging information from paid intelligence providers, it is important to remember that those providers likely have clients in a variety of sectors. Because of the wide range of client needs, providers are unlikely to tailor their intelligence reporting in a way that only applies to a single organization or sector. This leaves it to the client’s in-house threat intelligence team to wield the intelligence sword and identify what information is relevant to their organization. In order to make intelligence actionable, the consumers must spend time with processed and unprocessed intelligence and determine if, and how, that intelligence applies to their organization. By spending time enriching relevant indicators prior to a cyber event, they are better equipped to take defensive action and parry an adversary’s strokes. ThreatConnect enables threat intelligence teams to aggregate all of their finished intelligence in one location, increasing efficiency and decreasing the amount of time it takes to gather information for analysis. Instead of spending time in several different platforms trying to identify overlaps and patterns in datasets, ThreatConnect enables multiple analysts to view data and intelligence in one place.
Ideally, every organization should enable both intelligence producers and consumers to interact with each other in the give-and-take that contributes to intelligent decision making. This allows the swordsmiths to hone their skills by getting feedback directly from swordsmen and the swordsmen end up with blades that are lighter and more swift. Bringing these two types of analyst together benefits the whole organization by making the analysts and their tools more powerful and effective.
Whether it’s tracking down adversaries in the South China Sea or providing analysis on who might be infiltrating DNC assets, ThreatConnect provides any organization with the platform it needs to bring the intelligence producer and consumer together. Better blades mean better swordsmen. Better swordsmen mean better defense.