From Threat Data to Actionable Intelligence: An Exploratory Analysis of the Intelligence Cycle Implementation in Cyber Threat Intelligence Sharing Platforms

In the last couple of years, organizations have demonstrated an increasing willingness to share data, information and intelligence regarding emerging threats to collectively protect against today's sophisticated cyber attacks. Accordingly, several vendors started to implement software solutions that facilitate this exchange and appear under the name cyber threat intelligence sharing platforms. However, recent investigations have shown that these platforms differ significantly in their functional scope and often only provide threat data instead of the promised actionable intelligence. Moreover, it is unclear to what extent the platforms implement the expected intelligence cycle processes. In order to close this gap, we investigate the state-of-the-art in scientific literature and analyze the functional scope of nine threat intelligence sharing platforms with respect to the intelligence cycle. Our study provides a comprehensive list of software functions that should be implemented by cyber threat intelligence sharing platforms in order to support the intelligence cycle to generate actionable threat intelligence.