Home/Glossary/Threat Intelligence

Threat Intelligence

Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.

Threat IntelligenceAlso called: "cyber threat intelligence", "cti"

Threat intelligence transforms raw data into actionable insights.

Types of intelligence

  • Strategic: High-level trends for executives and board.
  • Tactical: TTPs (tactics, techniques, procedures) for security teams.
  • Operational: Specific campaigns and threat actor activity.
  • Technical: Indicators of compromise (IOCs) - IPs, domains, hashes.

Intelligence cycle

  1. Requirements: Define what intelligence is needed.
  2. Collection: Gather data from internal/external sources.
  3. Processing: Normalize and enrich raw data.
  4. Analysis: Identify patterns and assess impact.
  5. Dissemination: Share intel with stakeholders.
  6. Feedback: Refine based on effectiveness.

Sources

  • Commercial feeds (Recorded Future, Mandiant).
  • Open-source (MISP, AlienVault OTX).
  • ISACs (Information Sharing and Analysis Centers).
  • Internal telemetry and incident data.

Related Tools

Related Articles

View all articles
MDR Vendor Performance Benchmarks: The Metrics That Matter

MDR Vendor Performance Benchmarks: The Metrics That Matter

Only a handful of MDR providers publish detection and response time benchmarks. We compiled every publicly citable metric from CrowdStrike, Expel, Huntress, eSentire, Arctic Wolf, Red Canary, and Microsoft to help you compare vendors on data, not marketing.

Read article →
CrowdStrike vs Expel: MDR Detection Speed Comparison

CrowdStrike vs Expel: MDR Detection Speed Comparison

CrowdStrike and Expel are two of the only MDR providers that publish both detection and response time benchmarks. Expel is faster on MTTR (13 min vs 37 min). CrowdStrike has MITRE validation.

Read article →
CrowdStrike vs SentinelOne: Endpoint Security and MITRE ATT&CK Compared

CrowdStrike vs SentinelOne: Endpoint Security and MITRE ATT&CK Compared

Both CrowdStrike and SentinelOne deliver strong MITRE ATT&CK detection results. The key difference: CrowdStrike is the only vendor with MITRE Managed Services evaluation.

Read article →
AES vs Classical Ciphers: Why Modern Encryption Actually Works

AES vs Classical Ciphers: Why Modern Encryption Actually Works

Understand why AES is unbreakable while Caesar cipher fails instantly. Learn the fundamental differences between classical and modern encryption, and why proper cryptography matters for real security.

Read article →

Explore More Threat Intelligence

View all terms

Advanced Persistent Threat (APT)

A sophisticated, long-term cyberattack where an intruder gains unauthorized access and remains undetected for an extended period to steal data or cause damage.

Read more →

Credential Stuffing

An automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to user accounts on other services.

Read more →

IP Reputation

A trustworthiness score (0-100) assigned to IP addresses based on observed malicious behavior, spam activity, and threat intelligence data.

Read more →

Keylogger

Malicious software or hardware that secretly records keystrokes to capture passwords, credit card numbers, and other sensitive information typed by users.

Read more →

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.

Read more →

Phishing

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.

Read more →
Back to glossary