Threat Intelligence: what, when and how

Intelligence vs data

It’s an obvious truism that the world is drowning in data. Many organizations collect vast amounts of threat data and information, but often find it difficult to make use of this within their operations. Threat intelligence (TI), on the other hand, combines data, information, and detailed analysis, with the specific aim of giving security teams timely, accurate and actionable insights they can use to combat security threats and other cybersecurity-related issues. TI achieves this by adding context to the threat data and information an organization already has and enriching it with intelligence – much of it gleaned from the dark web – about the tactics, techniques, and procedures (TTPs) used by known threat actors.

This can be provided through regularly updated threat data feeds, wide-ranging reports, and dedicated services - between them enabling security teams to better understand the motivations, methods, and identities of potential attackers, improve their decision making, and reduce their organization’s risk of being compromised. With an extensive range of providers to choose from, organizations can also use TI to transform their understanding of their specific threat landscape - for example through detailed analysis of historical and emerging threats targeting their industry, region or even their individual enterprise - and so improve the performance of functions such as vulnerability management, threat hunting, incident response and more.