What is threat intelligence?
Walking the expo halls of RSA this year, we saw threat intelligence and its many variations touted by a significant percentage of the 500+ exhibitors. While some offerings had impressive visualisations, others promised context, actionability or attribution. Providers of threat intelligence each have their own definition and understanding of what it constitutes, and asking the attendees on the show floor yielded an extremely diverse set of opinions.
From the response we got, the only thing that is clear is that much confusion exists about the exact definition of threat intelligence. Whilst different sources of threat intelligence exist and much can be debated about the value each set of data provides, at a high level I like to break down threat intelligence as having the following primary defining characteristics:
- It is the context of a threat, supplied along with indicators of compromise that can be used to identify the presence of a threat within an environment.
- It allows the company to make security decisions about defense. In other words, it gives users enough information to find additional threats, or to prevent them before they happen.
What does threat intelligence mean to you and how do you use it within your organization? We’d love to hear your views.