Overview
Threat Intelligence (or Cyber Threat Intelligence, CTI) is the collection and analysis of information about potential or current attacks that threaten an organization. It provides context about who is attacking, why they are attacking, and what methods they are using.
Types of Threat Intelligence
- Strategic: High-level information about the threat landscape, intended for executives (e.g., trends in nation-state attacks).
- Operational: Details about specific incoming attacks, intended for security managers.
- Tactical: Technical details about attacker methodologies (tactics, techniques, and procedures, or TTPs), intended for SOC analysts.
- Technical: Specific indicators of compromise (IoCs), such as file hashes or malicious IP addresses.
Benefits
- Proactive Defense: Identifying threats before they strike.
- Improved Incident Response: Providing context to speed up investigations.
- Better Resource Allocation: Focusing security efforts on the most likely threats.