What is Threat Intelligence?
Threat intelligence is the systematic, in-depth analysis of internal and external threats to an organization. The threats that threat intelligence attempts to defend against include zero-day threats, exploits and advanced persistent threats (APTs).
Threat intelligence is the in-depth analysis of potential computer and network security threats to an organization. As with military intelligence, the goal is to get as much information as possible about threats so that a company can take proper action against them. The term implies anticipating and defending against attacks rather than just reacting with incident management techniques.
Threat intelligence can examine threats facing one organization, or it can cast an even wider net, involving cooperation with other firms through groups known as ISACs (Information Sharing and Analysis Centers). For example, the Retail Cyber Intelligence Sharing Center (R-CISC) is one group in which security professionals at different companies come together to share information on threats. As attacks become more sophisticated, professionals working to minimize threats must collaborate with each other.
Base threat intelligence is often consolidated into lists of domains, IP addresses, hashes, or filenames that serve as a starting point. For example: SANS threat feeds.