Threat intelligence involves a cycle of gathering, processing, analyzing, and circulating data related to cybersecurity threats. These threats can include malware, phishing attempts, data leaks, distributed denial-of-service (DDoS) attacks, and computer viruses.
Threat intelligence in cybersecurity can be broken up into three broad categories: tactical, strategic, and operational.
Tactical threat intelligence provides data and analysis for immediate response to cybersecurity threats.
Often, tactical threat intelligence simplifies the data into Indicators of Compromise (IOCs) to help a team defend against more specific network threats. Examples of IOCs include unusual network traffic, malicious domain names, or bad IP addresses.
The value of tactical threat intelligence depreciates more quickly than other types of threat intelligence because of its immediacy. As the simplified IOCs are resolved, bad actors adapt to new attack methods, making outdated threat intelligence less useful.
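As an added illustration (not part of the original article), the sketch below matches a constructed IOC feed against constructed proxy log lines and drops indicators older than a cutoff, which is one way a team can account for tactical intelligence losing value over time. The feed layout, log format, function names and the 90-day window are all assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed IOC feed: (type, value, last_seen). Addresses and names use
# documentation ranges and the reserved .example TLD, not real indicators.
IOC_FEED = [
    ("ip", "203.0.113.7", "2024-05-28"),
    ("ip", "198.51.100.23", "2023-11-02"),
    ("domain", "updates.badcdn.example", "2024-05-30"),
    ("domain", "login.oldcampaign.example", "2023-09-15"),
]

# Constructed proxy log lines: timestamp, source IP, destination host, destination IP.
LOG_LINES = [
    "2024-06-01T10:02:11Z 10.0.0.5 updates.badcdn.example 203.0.113.7",
    "2024-06-01T10:03:40Z 10.0.0.9 intranet.corp.example 192.0.2.10",
    "2024-06-01T10:05:02Z 10.0.0.12 login.oldcampaign.example 198.51.100.23",
]

# Fixed "current time" so the example is reproducible.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)

def active_iocs(feed, now, max_age_days):
    """Keep indicators last seen within max_age_days; older ones are expired."""
    cutoff = now - timedelta(days=max_age_days)
    live = {}
    for ioc_type, value, last_seen in feed:
        seen = datetime.strptime(last_seen, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        if seen >= cutoff:
            live[value.lower()] = ioc_type
    return live

def match_logs(lines, iocs):
    """Return (timestamp, source IP, matched indicator) for every hit."""
    hits = []
    for line in lines:
        ts, src, host, dst_ip = line.split()
        for field in (host.lower(), dst_ip):
            if field in iocs:
                hits.append((ts, src, field))
    return hits

if __name__ == "__main__":
    # Assumed 90-day retention window for tactical indicators.
    for ts, src, ioc in match_logs(LOG_LINES, active_iocs(IOC_FEED, NOW, 90)):
        print(f"{ts} {src} contacted {ioc} ({'fresh indicator'})")
```

With the 90-day window only the two recently seen indicators remain active, so the connection to the older campaign's infrastructure is not flagged; widening the window brings it back at the cost of matching on indicators that may no longer be in attacker use.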
Strategic threat intelligence involves high-level analysis tailored for less technically savvy audiences such as a company’s board of directors. It provides a more big-picture look at potential cybersecurity threats and how they would affect the overall business.
Often, cybersecurity professionals will utilize publicly available data like white papers, press releases, and reports to build these analyses.
Operational threat intelligence leverages user and entity behavioral analytics (UEBA) to answer the “who, why, and how” of a cybersecurity attack. Data from past attacks is compiled and analyzed to produce insights into motive, timing, and complexity, among other factors.
While it requires more resources than tactical threat intelligence, operational threat intelligence is also more evergreen. It’s easier for hackers to change their tools than it is to alter their tactics, techniques, and procedures (TTPs).
Threat intelligence is often confused with threat data, which is data related to potential malicious cybersecurity attacks. Threat intelligence, by contrast, is the thorough, contextual examination of that data in order to provide insights that help organizations make better decisions about their business and cybersecurity practices.