Home/Glossary/Threat Intelligence

Threat Intelligence

Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.

Threat IntelligenceAlso called: "cyber threat intelligence", "cti"

Threat intelligence transforms raw data into actionable insights.

Types of intelligence

  • Strategic: High-level trends for executives and board.
  • Tactical: TTPs (tactics, techniques, procedures) for security teams.
  • Operational: Specific campaigns and threat actor activity.
  • Technical: Indicators of compromise (IOCs) - IPs, domains, hashes.

Intelligence cycle

  1. Requirements: Define what intelligence is needed.
  2. Collection: Gather data from internal/external sources.
  3. Processing: Normalize and enrich raw data.
  4. Analysis: Identify patterns and assess impact.
  5. Dissemination: Share intel with stakeholders.
  6. Feedback: Refine based on effectiveness.

Sources

  • Commercial feeds (Recorded Future, Mandiant).
  • Open-source (MISP, AlienVault OTX).
  • ISACs (Information Sharing and Analysis Centers).
  • Internal telemetry and incident data.

Related Tools

Related Articles

View all articles
Formal Security Models Explained: Bell-LaPadula, Biba, Clark-Wilson, and Beyond

Formal Security Models Explained: Bell-LaPadula, Biba, Clark-Wilson, and Beyond

Master the formal security models that underpin all access control systems. This comprehensive guide covers Bell-LaPadula, Biba, Clark-Wilson, Brewer-Nash, lattice-based access control, and how to choose the right model for your organization.

Read article →
Biometric Authentication: Understanding FAR, FRR, and CER for Security Professionals

Biometric Authentication: Understanding FAR, FRR, and CER for Security Professionals

Master the critical metrics behind biometric authentication systems including False Acceptance Rate (FAR), False Rejection Rate (FRR), and Crossover Error Rate (CER). Learn how to evaluate, tune, and deploy biometric systems across enterprise, consumer, and high-security environments.

Read article →
Database Inference & Aggregation Attacks: The Complete Defense Guide

Database Inference & Aggregation Attacks: The Complete Defense Guide

Learn how inference and aggregation attacks exploit aggregate queries and combined data to reveal protected information, and discover proven countermeasures including differential privacy, polyinstantiation, and query restriction controls.

Read article →
NIST 800-88 Media Sanitization Complete Guide: Clear, Purge, and Destroy Methods Explained

NIST 800-88 Media Sanitization Complete Guide: Clear, Purge, and Destroy Methods Explained

Master NIST SP 800-88 Rev. 1 media sanitization methods including Clear, Purge, and Destroy. Covers SSD vs HDD sanitization, crypto erase, degaussing, regulatory compliance, and building a media sanitization program.

Read article →

Explore More Threat Intelligence

View all terms

Advanced Persistent Threat (APT)

A sophisticated, long-term cyberattack where an intruder gains unauthorized access and remains undetected for an extended period to steal data or cause damage.

Read more →

Credential Stuffing

An automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to user accounts on other services.

Read more →

IP Reputation

A trustworthiness score (0-100) assigned to IP addresses based on observed malicious behavior, spam activity, and threat intelligence data.

Read more →

Keylogger

Malicious software or hardware that secretly records keystrokes to capture passwords, credit card numbers, and other sensitive information typed by users.

Read more →

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.

Read more →

Phishing

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.

Read more →
Back to glossary