Building Capable Threat Intelligence Programs

Feb 21, 2024

Component not found for block type: video-embed

Starting a cyber threat intelligence program (CTI) prompts many questions: What intelligence is most useful? Where are the data sources? How can you satisfy stakeholders? And ultimately, how you demonstrate that a CTI program prevented security incidents? John Fokker, head of threat intelligence at Trellix, says that it is possible to build effective CTI programs with smaller teams, but stakeholder buy-in is important. In this episode of Studio 471, we also discuss the Cyber Threat Intelligence Capability Maturity Model (CTI CMM), a framework under development by CTI experts. The framework, due to be released later this year, aims to guide organizations to building more capable and mature CTI programs.

Participants:
John Fokker, Head of Threat Intelligence, Trellix
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

Emerging Threats//

CrazyHunter Ransomware

CrazyHunter is a ransomware campaign targeting healthcare that weakens endpoint defenses and escalates privileges before encrypting systems at scale.

Emerging Threats//

DevMan Ransomware

DevMan Ransomware is a newly emerging ransomware operation observed in 2025 that has been assessed as a derivative of the DragonForce ransomware family.

Emerging Threats//

Gootloader Malware Update

Gootloader resurfaced with enhanced capabilities, building on the multi-stage loader malware first seen in 2020.

Sign up for our Executive Intel Update

Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.

Building Capable Threat Intelligence Programs

Related Articles

CrazyHunter Ransomware

DevMan Ransomware

Gootloader Malware Update

Sign up for our Executive Intel Update

Sign up for our Executive Intel Update