Threat Intelligence

Threat intelligence is information about the potential attacks an organization may face and how to detect and stop those attacks. Law enforcement sometimes distributes “Wanted” posters with information about suspects; similarly, cyber threat intelligence contains information about what current threats look like and where they come from.

In digital security terms, a “threat” is an action with malicious intent that could result in data being stolen, lost, or altered without permission. The term refers to both potential and actual attacks. Threat intelligence enables organizations to take action against threats, rather than merely providing data. Each piece of threat intelligence helps make it possible to detect and prevent attacks.

Some types of threat intelligence can be fed into firewalls, web application firewalls (WAFs), security information and event management (SIEM) systems, and other security products, enabling them to more effectively identify and block threats. Other types of threat intelligence are more general and help organizations make larger strategic decisions.

What are the three main types of threat intelligence?

Most threat intelligence fits into one of these three categories:

  1. Strategic intelligence describes overall trends and long-term issues. It can also include the motivations, goals, and methods of known attackers.
  2. Operational intelligence describes the tactics, techniques, and procedures (TTP) used by attackers — for instance, which malware toolkits or exploit kits attackers use, where their attacks come from, or the steps they typically follow to carry out an attack.
  3. Tactical intelligence is specific on-the-ground details about threats; it enables organizations to identify threats on a case-by-case basis. Malware signatures and indicators of compromise (IoC) are examples of tactical intelligence. Both of these terms are explained further below.

What is a malware signature?

A signature is a unique pattern or sequence of bytes by which malware can be identified. In the same way that fingerprints are used to identify persons suspected of a crime, signatures help identify malicious software.

Signature detection is one of the most common forms of malware analysis. To be effective, signature detection needs to be constantly updated with the latest malware signatures identified in the wild.

What are indicators of compromise (IoC)?

An indicator of compromise (IoC) is a piece of data that helps identify whether or not an attack has taken place or is in progress. An IoC is like an item of physical evidence that a detective might collect to determine who was present at the scene of the crime. Similarly, certain digital evidence — unusual activity recorded in logs, network traffic to unauthorized servers, etc. — helps administrators determine when an attack has occurred (or is currently happening) and what kind of attack it was.

Without IoCs, it can sometimes be difficult to determine if an attack has taken place; it often benefits the attacker to remain undetected (for instance, if they want to use a compromised device in a botnet).

What is a threat intelligence feed?

A threat intelligence feed is an external stream of threat intelligence data. Like an RSS feed for blogs, organizations can subscribe to a threat intelligence feed to provide constant security updates to their systems.

Some threat intelligence feeds are free; others cost money and provide proprietary intelligence not available from open sources.
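As an added example (not from the original article), the sketch below shows how tactical intelligence from a feed can be matched against log events to surface IoCs, the kind of check a SIEM performs. The feed layout, field names, hosts, and all values are constructed assumptions for illustration, not any vendor's format.

```python
import hashlib, ipaddress, json

# Constructed data: documentation-range IPs, reserved .example names, harmless hash.
SAMPLE_HASH = hashlib.sha256(b"constructed sample file").hexdigest()
FEED_JSON = json.dumps({"indicators": [
    {"type": "ipv4-cidr", "value": "203.0.113.0/28"},
    {"type": "domain", "value": "Updates.Bad.Example"},
    {"type": "sha256", "value": SAMPLE_HASH},
    {"type": "domain", "value": ""},  # malformed entry, skipped on load
]})
EVENTS = [  # constructed log events, already parsed into fields
    {"host": "ws-01", "dst_ip": "203.0.113.7", "dns_query": "cdn.site.example"},
    {"host": "ws-02", "dst_ip": "198.51.100.20", "dns_query": "a.updates.bad.example."},
    {"host": "ws-03", "dst_ip": "198.51.100.21", "file_sha256": SAMPLE_HASH.upper()},
    {"host": "ws-04", "dst_ip": "192.0.2.5", "dns_query": "myupdates.bad.example"},
]

def load_feed(raw):
    """Normalize feed entries into per-type lookups, dropping empty values."""
    feed = {"ipv4-cidr": [], "domain": set(), "sha256": set()}
    for ind in json.loads(raw)["indicators"]:
        value = ind.get("value", "").strip().lower().rstrip(".")
        if not value or ind.get("type") not in feed:
            continue
        if ind["type"] == "ipv4-cidr":
            feed["ipv4-cidr"].append(ipaddress.ip_network(value))
        else:
            feed[ind["type"]].add(value)
    return feed

def match_event(event, feed):
    """Return (indicator type, matched value) pairs for one log event."""
    hits = []
    ip = event.get("dst_ip")
    if ip and any(ipaddress.ip_address(ip) in net for net in feed["ipv4-cidr"]):
        hits.append(("ipv4-cidr", ip))
    name = event.get("dns_query", "").lower().rstrip(".")
    # Match the listed domain and its subdomains, not look-alike prefixes.
    if any(name == d or name.endswith("." + d) for d in feed["domain"]):
        hits.append(("domain", name))
    digest = event.get("file_sha256", "").lower()
    if digest in feed["sha256"]:
        hits.append(("sha256", digest))
    return hits

def scan(events=EVENTS, raw_feed=FEED_JSON):
    """Map each host with at least one hit to its list of hits."""
    feed = load_feed(raw_feed)
    return {e["host"]: h for e in events if (h := match_event(e, feed))}
```

Calling scan() flags ws-01 (destination IP inside the listed range), ws-02 (subdomain of a listed domain) and ws-03 (file hash), while ws-04 is not flagged because its name only resembles the listed domain.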

