Threat Intelligence
Definition
Threat intelligence is information an organization uses to understand the threats that have, will, or are currently targeting the organization. This information is used to prepare, prevent, and identify cyber threats looking to take advantage of valuable resources.
Why It Matters
Threat intelligence helps organizations move from a reactive to a proactive security posture. By understanding the tactics, techniques, and procedures (TTPs) of common adversaries, they can better anticipate and defend against future attacks.
Contextual Example
A bank subscribes to a threat intelligence feed. The feed provides information about a new malware campaign targeting financial institutions. The bank's security team uses this information to create new detection rules in their SIEM and proactively hunt for signs of the malware in their network.
Common Misunderstandings
- Threat intelligence can be strategic (high-level trends), operational (details about specific attacks), or tactical (specific indicators of compromise like IP addresses or file hashes).
- It provides context to help security teams prioritize their efforts.