By IT Brew Staff
less than 3 min read
Definition:
Threat intelligence, sometimes referred to as cyber threat intelligence, is information about a cybersecurity threat that has been analyzed and presented in a way that allows cybersecurity professionals to take concrete action.
Threat intelligence often highlights organization-specific vulnerabilities, describes the potential attackers’ identities and favored techniques, and the ways that cybersecurity teams can eliminate risks and improve overall defenses. Producing threat intelligence requires several steps, including:
- Defining requirements. This can include identifying potential attackers as well as the organization’s vulnerabilities.
- Collecting data. Using a variety of information streams, including internal security logs, social media, and the dark web, cybersecurity pros collect raw data on potential threats.
- Processing data. The raw data is then processed into forms usable by cybersecurity analysts.
- Analyzing data. The processed data is analyzed to yield actionable insights.
- Disseminating the analysis. The analysis is properly distributed to stakeholders throughout the organization, preferably in formats (such as reports or PowerPoints) that are easy for everyone to understand.
- Feedback. Collecting feedback from stakeholders can allow IT pros to tweak the organization’s cybersecurity posture.
When executed correctly, threat intelligence can help organizations with everything from incident response and employees’ cybersecurity awareness to improved risk-management plans. Cybersecurity professionals rely on threat intelligence to put their organizations in a proactive mindset when it comes to defending from external and internal threats.
