What is Threat Intelligence

Threat intelligence introduction

Cyber threat intelligence is a subset of intelligence focused on information security. This curated information is intended to help you make better decisions about how to defend yourself and your business from cyber-based threats. Some of the questions threat intelligence can answer include:

• Who are my adversaries and how might they attack me?
• How do attack vectors affect the security of my company?
• What should my security operations teams be watching for?
• How can I reduce the risk of a cyber attack against my company?

“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.”

Gartner definition of threat intelligence

Levels of threat intelligence

Utilizing each instance of intelligence is important because they serve different functions. Analysts leveraging the sum knowledge of these three types of intelligence are better able to determine what security solutions to use, how they should be leveraged, and how to proactively and reactively respond to threats

Cyber threat intelligence is generally viewed in three levels:

• Strategic: Answering the “Who” and “Why”
• Operational: Answering the How and Where
• Tactical: Answering the What