Your cart is currently empty!
The How and What on Cyber Threat Intelligence
![City Skyline - The How and What on Cyber Threat Intelligence](https://threatintelligencelab.com/wp-content/uploads/2023/12/image-8.png)
In cyber threat intelligence, we gather information that allows us to map and even predict how threat actors will try to target assets that we are supposed to protect.
So it is of paramount importance for all of us to understand what the meaning of cyber threat intelligence is.
Well, the answer on that is this: Cyber Threat Intelligence is the act of gathering, analyzing and disseminating the motivation, intention and methods of cybercriminals.
In simple terms this means, that we want to know all about the adversaries that might be interested to target the assets we are supposed to protect.
This includes indicators like knowing where they usually host their command and control systems, which type of phishing kits they use and how their malware would operate once it is installed on a system.
Cyber Threat Intelligence
Cyber Threat Intelligence
![](https://threatintelligencelab.com/wp-content/uploads/2023/12/image-8-1024x576.png)
Actionable Threat Intelligence
Working with Actionable Threat Intelligence
Now that we understand what cyber threat intelligence is, we need to talk about actionable threat intelligence.
You might wonder what the difference is, and the answer to that is pretty simple.
Cyber threat intelligence comes in vast amounts of data, and it is not always clear on what can be done with that data.
While, with actionable threat intelligence, the cybersecurity teams are equipped with data that allows them to immediately take action on (persistent) threats.
In most situations, actionable threat intelligence will hold the following:
- Specificity – Specific IOC that you need to give attention
- Relevance – This part shows how important it is for you to take action.
- Timeliness – How fresh is the information. Can action be taken?
- Contextual information – TTP’s and more with a focus on the threat
- Mitigation advice – Practical steps on how to reduce and mitigate the risk
Actionable threat intelligence powers cybersecurity teams to respond effectively to cyberattacks.
Threat Intelligence Types
We have taken a look at two types of threat intelligence already, but there are some more.
![Click to expand this 'Threat Intelligence Types' infographic.](https://threatintelligencelab.com/wp-content/uploads/2023/12/image-6-120x300.png)
Take a look at this list, it holds 5 common types of Threat Intelligence:
- Basic Threat Intelligence
- Actionable (Tactical) Threat Intelligence
- Technical Threat Intelligence
- Operational Threat Intelligence
- Strategic Threat Intelligence
To take a quick look at them.
Technical threat intelligence holds detailed information on malware, vulnerabilities and indicators of compromise.
Operational threat intelligence has a focus on current threats and IOC that should be used directly in security operation centers (SOC).
Last of them all is ‘strategic threat intelligence‘, this helps the C-level and decision makers to make up their minds and to make the right “calculated” decisions.
![5 Types of Threat Intelligence: Basic, Technical, Strategic, Actionable and Operational.](https://threatintelligencelab.com/wp-content/uploads/2023/12/threat-intelligence-types-1024x576.jpg)
Quality Threat Intelligence
Now there are many vendors that claim to provide quality threat intelligence feeds.
After all, if you have done all of the hard work of gathering, analyzing and disseminating cyber attacks — there is just a minor chance of not being able to provide quality TI.
While, if you skip one of the steps, let’s say analyzing the attack, there is going to be a big chance of not being able to provide the quality TI the client needs.
Way too often have we seen Threat Intelligence providers that simply copied “Free Feeds” into “paid” commercial feeds. They provide big chunks of data (which often are incorrect or outdated) without any context.
Yes, they have a big chance on False positives.
Remember, Threat Intelligence is not just sharing IP addresses, it is about bringing context to the IOC that are presented to you.
![Quality Threat Intelligence](https://threatintelligencelab.com/wp-content/uploads/2023/12/quality-Threat-Intelligence-1024x576.jpg)
Here at Threat Intelligence Lab (TIL), we appreciate the hard work that is done by all of those security specialists, and we see the value that these feeds/platforms give.
That is why, we have also started our ‘Threat Intelligence Feeds‘ topic.
- Why Data Breach Report Feeds Are Important
- The Top 10 Essential Log Sources for IT Monitoring
- Dark Web Cybercrime Forums You Should Monitor
- How to Parse and Use VirusTotal feeds
- Getting The Most Out Of URLscan.io
There you can find all types of TI providers, which we have checked and actually can vouch for (if implemented and used correctly).
Useful links: