
Threat Intelligence

The systematic collection, analysis and use of information about cyber threats to support informed decisions about organisational defence.

What is Threat Intelligence?

Threat Intelligence (CTI - Cyber Threat Intelligence) is evidence-based knowledge - context, mechanisms, indicators, implications and recommendations - about existing or emerging cyber threats. Unlike raw data (e.g. a list of IP addresses), threat intelligence includes analysis, context and actionable recommendations.

Threat intelligence operates at three levels. Strategic: reports for senior management on threat trends, actor motivations and industry risks. Operational: information about specific campaigns, TTPs (tactics, techniques, procedures) of attacker groups and planned operations. Tactical: technical indicators of compromise (IoCs) such as IP addresses, C2 domains, malware hashes and YARA rules.
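
The difference between a raw IP list and tactical indicators that carry context, shown as an added example that is not part of the original page. The addresses (RFC 5737 documentation ranges), log lines, field names and the confidence threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Indicator:
    value: str           # the IoC itself
    source: str          # who reported it
    confidence: int      # 0-100, assigned by the analyst
    valid_until: date    # indicators age out
    context: str         # campaign or TTP the IoC belongs to
    recommendation: str  # what the defender should do on a match

# Constructed sample data: RFC 5737 documentation addresses, invented context.
RAW_LIST = {"192.0.2.10", "198.51.100.7", "203.0.113.5"}
INTEL = {i.value: i for i in (
    Indicator("192.0.2.10", "internal incident analysis", 90, date(2024, 12, 31),
              "C2 server of an active campaign", "isolate host, open incident"),
    Indicator("198.51.100.7", "open-source feed", 30, date(2024, 12, 31),
              "shared hosting, single sighting", "block at proxy"),
    Indicator("203.0.113.5", "commercial feed", 80, date(2023, 6, 30),
              "C2 server, infrastructure retired", "isolate host, open incident"),
)}
LOG_LINES = [
    "2024-05-01T10:00:00Z src=10.0.0.5 dst=192.0.2.10 dport=443",
    "2024-05-01T10:00:03Z src=10.0.0.8 dst=198.51.100.7 dport=80",
    "2024-05-01T10:00:09Z src=10.0.0.9 dst=203.0.113.5 dport=443",
    "2024-05-01T10:00:11Z src=10.0.0.5 dst=10.0.0.1 dport=53",
]

def parse(line):  # 'timestamp key=value ...' -> (event date, field dict)
    ts, *pairs = line.split()
    return date.fromisoformat(ts[:10]), dict(p.split("=", 1) for p in pairs)

def raw_matches(lines, raw=RAW_LIST):
    """Raw data: every hit looks the same, with nothing to prioritise on."""
    return [f["src"] for _, f in map(parse, lines) if f["dst"] in raw]

def triage(lines, intel=INTEL, min_confidence=50):
    """Intelligence: drop expired indicators, rank the rest, attach an action."""
    alerts = []
    for day, f in map(parse, lines):
        ioc = intel.get(f["dst"])
        if ioc is None or day > ioc.valid_until:
            continue  # unknown destination or aged-out indicator
        action = ioc.recommendation if ioc.confidence >= min_confidence else "log only"
        alerts.append((ioc.confidence, f["src"], ioc.context, action))
    return sorted(alerts, reverse=True)

if __name__ == "__main__":
    print(raw_matches(LOG_LINES), *triage(LOG_LINES), sep="\n")
```

The raw list flags three hosts with equal weight; the contextualised indicators drop the expired one, downgrade the low-confidence one and leave a single host that needs immediate action.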

Threat intelligence sources include commercial feeds (Mandiant, Recorded Future, CrowdStrike), open sources (OSINT), information-sharing platforms (MISP, STIX/TAXII), national CERT reports, internal analysis from incidents and threat hunting, and industry-specific sharing groups (ISACs/ISAOs).

Why does it matter?

Threat intelligence enables a shift from reactive security (responding to incidents after they occur) to a proactive approach (preparing defences based on knowledge of actual threats). It helps prioritise security investments, tune detection rules to current attacker TTPs and identify incidents more quickly.
