美国网络威胁情报应用评析

An Analysis of the Application of Cyber Threat Intelligence in the United States

[目的/意义]网络威胁情报已成为美遏制网络攻击,抵御网络威胁的重要安全实践。作为"情报驱动网络安全"的重要一环,美国正逐步建立基于网络威胁情报的网络生态。对美网络威胁情报应用情况进行分析,能够为政府及产业界提供有益借鉴,推动我国网络安全理念升级。[方法/过程]运用文献解读、比较分析、技术分析等方法围绕美网络威胁情报应用现状进行研究,对其特点、面临的挑战及发展趋势进行了分析。[结果/结论]美国网络威胁情报应用形成了"标准—项目—平台—系统"的逻辑链路,构建了自身独特的管理模式,逐渐形成国家主导,网络安全服务商主建的发展模式,逐步实现基于网络威胁情报的网络安全控制。

[ Purpose/Significance] Cyber threat intelligence has become an important security practice to prevent cyber attacks and protect against cyber threats. As an important part of ＂ intelligence-driven cyber security＂, the United States is gradually building a cyber ecosys-tem based on cyberthreat intelligence. The analysis of it＇s application can provide a useful reference to promote the upgrading of China＇s network security concept. [ Method/Process] Using literature review, comparative analysis, technical analysis and other methods to stud-y. Its characteristics, challenges and development trends were analyzed. [ Result/Conclusion] The US cyber threat intelligence application forms the logical link of ＇ standard-project-platform-system＇, constructs its own unique management mode, and gradually forms the state -led development pattern . The United States is gradually achieving cyber security control based on cyber threat intelligence.