Advancing Intelligence-Led Cybersecurity: An Architecture for Cyber Security Intelligence Center

The swift progression of cyber threats presents significant challenges for organizations striving to safeguard their digital assets through traditional security methods alone. Research shows that relying only on security controls and incident response is insufficient. On the other hand Cyber Threat Intelligence (CTI) has become an essential component of effective cybersecurity strategies, facilitating the proactive identification and coordinated response to threats. This paper proposes a novel architecture for establishing a Cyber Security Intelligence Center (CSIC) within an organization. As the CSIC is a pure novel concept, the first version is implemented in the MCI R&D Office of Security to evaluate its effectiveness and performance. The CSIC would conduct cyber intelligence operations and intelligently integrate with existing security operations and business functions. The proposed CSIC architecture includes CTI lifecycle processes to perform its core functions. In the proposed CSIC intelligence operations would interact closely with security teams, such as those dedicated to prevention, detection and response, aiming to enhance organizational capabilities for preempting and identifying novel cyber threats. Preliminary findings demonstrate establishing a centralized intelligence operation through a CSIC may significantly improve an organization's time to predict, time to detect and time to respond to cybersecurity threats.