Skip to content

New SANS 2023 CTI report – Keeping up with a changing threat landscape Download Report +

  • How it works
  • Solutions
        • Cyber Threat Intelligence
          • APT Monitoring
          • Asset Monitoring
          • Cyber Threat Landscape Intelligence
          • Data Breach Intelligence
          • Fraud Intelligence
          • Phishing Intelligence
          • Ransomware Intelligence
          • Supply Chain Threat Intelligence
          • Vulnerability Intelligence
        • Strategic and Geopolitical Intelligence
          • Competitor Benchmarking Intelligence
          • Corporate Risk Intelligence
          • Geopolitical Intelligence
        • Physical Risk Intelligence
          • Areas of Operation Intelligence
          • Events and Activism Intelligence
        • Brand Threat Protection
        • Industries
          • Education
          • Energy and Utilities
          • Financial Services
          • Government and Defence
          • Healthcare and Pharma
          • Media and Entertainment
          • Retail and Commerce
          • Service Providers
          • Technology and Telecoms
  • Alerts
        • Silobreaker Demo

          See a demo of Silobreaker in action

          Request a demo +

        • Free Intelligence Email Alerts
          • Weekly Vulnerability Monitoring Alert
          • Daily Cyber Alert
          • Weekly Cyber Digest
          • Financial Services Threat Alert
          • Ransomware Rewind
          • Russia-Ukraine Insights Alert​
          • US Politics Media Watch​
  • Resources
        • Silobreaker ROI

          Answer more intelligence use cases with a single tool

          Read our ROI Report +

        • Data SheetsDownload our product information
        • EventsMeet our team of experts
        • Customer StoriesLearn how customers reduce risk
        • BlogExpert insights, trends and tips
        • ReportsIn-depth analysis and insights
        • WebinarsOnline events you don’t want to miss
  • Partners
  • Company
        • Customer Support

          Get product support from our experts

          Contact support +
        • AboutLearn about our people and awards
        • CareersIt’s a great time to join Silobreaker
        • PressAll the latest buzz on the company
        • Contact usGet in touch with sales and support
  • Login
  • Request demo
  • Request demo
Menu
  • Request demo

← Back to Glossary

What is cyber threat intelligence? 

Cyber threat intelligence is evidence-based information about an existing or emerging threat to an organisation.

Cyber threat intelligence is created from the collection and analysis of data pulled from multiple sources, including open source, deep and dark web and finished intelligence sources.

The insights delivered must be unbiased and reliable so decision-makers can make timely decisions, to reduce risk.

“Cyber threat intelligence is evidence-based knowledge (such as context, mechanisms, indicators, implications, and actionable advice) about an existing or emerging threat that can be used to inform an organisation’s decisions and response to it.” Gartner

The intelligence cycle

The intelligence cycle is a process used by intelligence teams to prioritise and respond to the top risks to their organisation.

It starts with identifying priority intelligence requirements (PIRs), automating the selection, collection, and aggregation of multiple sources of data, analysing the data, and creating reports which can be disseminated across the organisation.

This allows for the identification of intelligence gaps and the creation of new collection requirements based on continual feedback, restarting the cycle.

Types of cyber threat intelligence

There are typically four types of cyber threat intelligence.

  • Tactical intelligence: Tactical intelligence identifies the tactics, techniques, and procedures (TTPs) of malicious actors. It helps security teams understand the capabilities and goals of the attackers alongside the attack vectors. This enables organisations to detect and respond to cyberattacks to mitigate risks.
  • Operational intelligence: Operational intelligence focuses on current and near-term threats. By investigating threat actors’ techniques, behaviours, motivations, and timings of an attack, it helps inform security teams day-to-day operations, including incident response and threat hunting.
  • Technical intelligence: Exploring the evidence of an attack provides security teams with the ability to understand the specific technical details of a threat. This type of intelligence analyses threats including malware, indicators of compromise (IOCs), IP addresses, phishing email content and malicious webpages.
  • Strategic intelligence: Strategic intelligence provides a long-term view of the threat landscape. It enables organisations to understand the financial and reputational impact of cyber threats to their business. It is used to inform strategic decision making, resource allocation and when organisations need to strengthen their security posture.

Types and sources of cyber threat intelligence

Types. Cyber threat intelligence data can be structured or unstructured. Structured data is organised and formatted. Examples include names, dates, addresses, credit card numbers or bank account numbers. It is easy to manipulate, search and sort.

Unstructured data includes written content on news sites and blogs, messaging platforms, social media posts or audiofiles, images and videos. It has no particular format and is not organised into a defined structure. It can’t be easily entered into a database and is difficult to process and analyse at scale.

Sources. The sources of cyber threat intelligence are both broad and varied.

The majority of cyber intelligence is gathered from open or publicly available sources that can be accessed and used by anyone. Open-source intelligence (OSINT) includes information available on the internet, in news, articles, blogs and social media posts, as well as data that is collected and shared by people or organisations.

Examples of open-source cyber intelligence include:

  • Malware mentions involving third-party vendors, as well as malware threat campaigns and their tactics, techniques and procedures
  • Lists of publicly disclosed Common Vulnerabilities and Exposures (CVEs)
  • Finished intelligence feeds, reports and bulletins and analyst research
  • Physical security developments like protests and conflicts that can impact cybersecurity
  • News, blogs and social media posts that expose zero-day threats and other breaking cybersecurity news

The deep web and dark web can also be sources of cyber threat intelligence.

Monitoring these communications can provide intelligence about new and emerging threats as well as potential vulnerabilities that organisations may need to address, the types of data that have been compromised, the tactics, techniques, and procedures (TTPs) being used by these groups and the organisations that have been targeted.

Why organisations need cyber threat intelligence

Cyber threats are rising in volume and complexity. Organisations need to be able to detect, understand and prioritise relevant cyber threats and vulnerabilities, accurately and in a timely manner.

Threat intelligence helps organisations identify ransomware, data breaches and phishing attacks that target executives, allows asset and ATP monitoring and minimises supply chain risk.

Effective real-time threat intelligence provides the context of an attack so security teams can understand the background and relevance to their organisation. It can then be used to prioritise risks and take the appropriate action to protect the organisation, in advance.

How organisations monitor cyber threats using cyber threat intelligence

Manual analysis

Many organisations use manual processes to select, collect and aggregate cyber data intelligence.

This can include searching for information using search-engines, like Google, social media platforms like Twitter, LinkedIn, and Reddit. It also involves subscribing to threat intelligence feeds and newsletters.

This requires time-consuming, labour intensive validation, de-duping and standardising of data, that can result in biased, inaccurate data that cannot be relied on for accurate decision-making.

Threat intelligence platforms

Threat intelligence teams often use cyber threat intelligence platforms.  These can select, collect and aggregate data from multiple sources, to deliver context and analysis. This helps organisations better understand the motivations, tactics, and capabilities of threat actors and make confident decisions to defend and respond to cyber threats quickly and effectively.

Silobreaker streamlines the intelligence cycle. Security teams can analyse and process complex data, create relevant reports and communicate to multiple stakeholders in a single workflow. This means security teams can track the development of incidents in real-time, seamlessly pivot between data sets, use cases, locations, and entity profiles. This approach delivers substantial efficiency gains when meeting priority intelligence requirements (PIRs), to reduce risk and response times, providing decision-makers with actionable intelligence faster.

FAQs

Get started today

Ready to try it for yourself? Request a demo of Silobreaker today.

Request demo
Silobreaker
Linkedin-in Facebook-f

Product

  • How it Works
  • Solutions
  • Industries
  • How it Works
  • Solutions
  • Industries

Log in

Resources

  • Alerts
  • Blog
  • Data Sheets
  • Webinars
  • Reports
  • Glossary
  • Alerts
  • Blog
  • Data Sheets
  • Webinars
  • Reports
  • Glossary

Partners

  • Integration Partners
  • Channel Partners
  • Integration Partners
  • Channel Partners

Company

  • About Silobreaker
  • Press
  • Careers
  • Services
  • Legal
  • Privacy Policy
  • About Silobreaker
  • Press
  • Careers
  • Services
  • Legal
  • Privacy Policy

Contact

  • Sales
  • Support
  • Offices
  • Sales
  • Support
  • Offices
Copyright © 2023 by Silobreaker Limited. All rights reserved.