Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
The F3EAD cycle (Find, Fix Finish, Exploit, Analyze and Disseminate) is an alternative intelligence cycle commonly used within Western militaries within the context of operations that typically result in lethal action, such as drone strikes and special forces operations. A basic summary of the phases of the cycle is as follows:
Looking at the above cycle from an information security perspective, it becomes obvious that this cycle can be applied within the cyber security context. This statement is borne out by making small changes to the above narrative i.e. replace “Kill or capture” with “remove or restrict.” Many security teams do the practice of “find-remove-on to the next” and, while that is at the core of the F3EAD cycle, there is still value in defining the process within the confines of the framework.
Some may ask, “is F3EAD merely reinventing the wheel of the intelligence cycle?” I would argue ‘no’ and that F3EAD is far more tactical in practice than the more strategic intelligence cycle and it’s less defined boundaries of Direction, Collection, Analysis and Dissemination.
What the existence and simulations of both these intelligence frameworks cycles show is that intelligence as a professional practice spans a number of levels within the organization, from the high-level strategic decision making that the intelligence cycle caters to, down to the tactical, ‘minute by minute’ style of operation that the F3EAD cycle supports. Within this context, both cycles could be implemented within an organization. Shown below is a simple example of a hypothetical organization using both cycles to combat an Advanced Persistent Threat group, the intention of this is to show how the cycle interlink and provide mutual support to each other and some of the key stakeholders invested in both.
What can be seen from the above example is that the intelligence cycle and the F3EAD cycle can be employed closely together to fulfill the overall company’s intelligence requirements, both tactical and strategic. One way of visualizing these two cycles is as cogs turning together within the intelligence process, with intersections between the intelligence cycle’s “Collection” phase and the F3EAD cycle’s “Find” phase. This relationship is shown below.
To learn more, subscribe to our threat intelligence emails here.