Fidelis Cybersecurity

What is Cyber Threat Intelligence?

Defining Cyber Threat Intelligence

Cyber threat intelligence (CTI) can be defined as “contextually enriched information concerning actors, threats, and vulnerabilities presented to enhance the decision-making process and heighten the consumer’s security posture.” This enriched information is the result of planning, collection, analysis, and dissemination leading to greater situational awareness and the integration of countermeasures.

CTI is consumed at all levels of security to do the following:

  1. Perform situation development: Provide intelligence that supports a greater understanding of the threat landscape.
  2. Support the protection of an organization and its assets: Use the understanding of the threat landscape to determine pending threats to the organization and create the appropriate countermeasures.
  3. Provide Indications and Warnings (I&W): Identify vulnerabilities and prevent them from being exploited, and inform on potential or pending attacks.

Why is Cyber Threat Intelligence Important?

The importance of cyber threat intelligence lies in its ability to be consumed by all teams within a security program, as well as by a majority of security solutions. This level of influence ensures that human consumers have a higher level of understanding of the threat landscape, enabling judgement-based decision making, and that security technologies implement countermeasures to contest the actions of actors with malicious intent. Without actionable and contextualized CTI, security teams will be making best guesses and assumptions instead of intelligence-based decisions.

What are the Key Types of Cyber Threat Intelligence?

Cyber threat intelligence should have different levels of focus that make it relevant to the consumer of that intel. Below are definitions and examples of each:

Basic Intelligence:

  • Largely deals with past events and bringing them to the present [describes / explains / evaluates / tracks]
  • Basic intelligence is relevant to intelligence analysts who need a historical understanding of the threat landscape

Current Intelligence:

  • Situationally designed to get relevant intelligence out to decision makers [describes / explains / evaluates current events]
  • Current intelligence is useful for SOC analysts, incident responders and threat hunters, giving them context around alerts and indicators of compromise

Estimative Intelligence:

  • Used to prepare decision makers for future threats / events [predictive / more strategic]
  • Estimative (predictive) intelligence can assist senior security leaders in understanding and planning for future threats and in reducing risk, by supporting the planning process for future technology budgeting and for the review and enactment of controls

How to Address Cyber Threat Intelligence

The Fidelis Elevate platform consumes threat intelligence from the Fidelis Threat Research Team (TRT) in the form of countermeasures and automated threat feeds. These countermeasures and threat feeds are the result of TRT Security Researchers' and Cyber Threat Intelligence Analysts' curation of intelligence information and analysis from multiple open-source and proprietary sources.