Home/Glossary/Threat Intelligence

Threat Intelligence

Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.

Threat IntelligenceAlso called: "cyber threat intelligence", "cti"

Threat intelligence transforms raw data into actionable insights.

Types of intelligence

  • Strategic: High-level trends for executives and board.
  • Tactical: TTPs (tactics, techniques, procedures) for security teams.
  • Operational: Specific campaigns and threat actor activity.
  • Technical: Indicators of compromise (IOCs) - IPs, domains, hashes.

Intelligence cycle

  1. Requirements: Define what intelligence is needed.
  2. Collection: Gather data from internal/external sources.
  3. Processing: Normalize and enrich raw data.
  4. Analysis: Identify patterns and assess impact.
  5. Dissemination: Share intel with stakeholders.
  6. Feedback: Refine based on effectiveness.

Sources

  • Commercial feeds (Recorded Future, Mandiant).
  • Open-source (MISP, AlienVault OTX).
  • ISACs (Information Sharing and Analysis Centers).
  • Internal telemetry and incident data.

Related Tools

Related Articles

View all articles
📄

AI Gateway Guide: What They Are, Why You Need One, and How to Choose

A comprehensive guide to AI gateways — the proxy layer between your app and LLM providers. Compare Cloudflare AI Gateway, Portkey, Helicone, LiteLLM, AWS Bedrock, Azure APIM, and more across pricing, features, and architecture.

Read article →
📄

CDN Showdown: Cloudflare vs CloudFront vs Azure CDN vs Google Cloud CDN

A deep technical comparison of CDN architectures from Cloudflare, AWS CloudFront, Azure CDN/Front Door, and Google Cloud CDN — covering network design, security, pricing, and when to choose each.

Read article →
📄

Object Storage Face-Off: Cloudflare R2 vs S3 vs Azure Blob vs Google Cloud Storage

A deep technical comparison of object storage platforms — Cloudflare R2, AWS S3, Azure Blob Storage, and Google Cloud Storage — covering architecture, egress fees, features, pricing, and migration strategies.

Read article →
📄

DNS Infrastructure Compared: Cloudflare DNS vs Route 53 vs Azure DNS vs Google Cloud DNS

A deep technical comparison of managed DNS services from Cloudflare, AWS Route 53, Azure DNS, and Google Cloud DNS — covering architecture, performance, security, pricing, and strategic implications.

Read article →

Explore More Threat Intelligence

View all terms

Advanced Persistent Threat (APT)

A sophisticated, long-term cyberattack where an intruder gains unauthorized access and remains undetected for an extended period to steal data or cause damage.

Read more →

Credential Stuffing

An automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to user accounts on other services.

Read more →

IP Reputation

A trustworthiness score (0-100) assigned to IP addresses based on observed malicious behavior, spam activity, and threat intelligence data.

Read more →

Keylogger

Malicious software or hardware that secretly records keystrokes to capture passwords, credit card numbers, and other sensitive information typed by users.

Read more →

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.

Read more →

Phishing

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.

Read more →
Back to glossary