What is Cyber Threat Intelligence?

Table of Contents

Strategic Threat Intelligence

Tactical Threat Intelligence

Operational Threat Intelligence

View More guides on Cyber Threat Intelligence

What is Cyber Threat Intelligence?

  • Cyber Threat Intelligence

Posted on: August 22, 2018

What is Cyber Threat Intelligence?
The concept of ‘threat intelligence’, and the process for producing cyber threat intelligence is highly misunderstood. Raw data and information gathered from various sources is often mislabeled as threat intelligence by organizations. Cyber threat intelligence (CTI) is knowledge related to evidence-based data information--including overview, propagation methods, indicators of compromise (IoCs), impact and mitigative actions required--regarding a particular cyber threat against an organization. This knowledge is gathered after extensive analysis of related data collected through reliable sources. Cyber threat intelligence is used to assist enterprises to undertake necessary mitigation steps against the threat.

It cannot be stressed enough about how important the whole process of analysis is. Hence, depending on the form of analysis used to produce the intel, threat intelligence can be classified into three types, viz. Strategic, Tactical and Operational Intelligence.

Strategic Threat Intelligence


Strategic Threat Intelligence includes identifying and inspecting risks that can affect an organization’s core assets--such as, employees, customers, vendors, and the overall infrastructure. Development of strategic intelligence requires highly skilled human analysts to gather proprietary information, follow up on trends, identify threats and design defensive architecture to combat those threats. At the strategic level, threat intelligence presents highly relevant information in a clear and concise form, while outlining mitigation strategies that can aid an organization in the decision-making process. This form of intelligence includes historical trends, motivations or key attributions of an attack. It helps enterprises look at a bigger picture and set predominant goals to attain cybersecurity. 

Tactical Threat Intelligence


Tactical Threat Intelligence provides extensive and rich data on a current or existing threat that could be of more use for an analyst. Unlike Strategic, tactical is micro in its scope. This intelligence comes in the form of Indicators of Compromise (IoCs) which includes information on malicious domains, malware files, malicious URLs and virus signatures. Tactical intelligence is highly effective in analysing a cyber kill chain and thereby containing the attack in progress. With tactical intelligence in hand, organizations can act quickly and minimize the impact.

Operational Threat Intelligence


Operational Threat Intelligence is produced entirely by computers through data identification and collection using technologies like Artificial Intelligence and Machine Learning. This form of intelligence focuses mainly on how a threat actor is going to attack a company--who is most active, what are the targets, capabilities, intentions, etc -- at the operational level. It also examines other elements like how the attack would impact the organization and helps prioritize the operational assets from the security perspective.

Collectively all types of intelligence are important for an organization. They cannot pit strategic intelligence against tactical or operational intelligence to determine which is best. All three are equally essential and required to create an effective incident response.

Share Blog Post

Related Guides

What is a TAXII Server? How is it Different from a TAXII Client?
Everything You Need to Know About MITRE ATT&CK Framework
What is Cyber Threat Intelligence Sharing? And Why Should You Care?
Threat Intelligence Processing: The Key to Leveraging Unstructured Data
Walls Can Talk: An Introduction to Internal Cyber Threat Intelligence
Why is Correlation the Most Important Phase in Cyber Threat Intelligence Lifecycle?
What is Confidence Scoring in Threat Intelligence?
How to Choose the Best Threat Intelligence Platform for Your Security Team?
How to Build Your Own Cyber Information Sharing Community?
What is STIX 2.1? How is it Different From STIX 2.0?
What is STIX 2.x? How is it Different from STIX 1.x?
How Can You Tell if Your Cyber Threat Intelligence Program is Working Well?
What is Threat Intelligence Analysis?
What is Threat Intelligence Normalization?
What is Threat Intel Ingestion?
How Real-Time Cyber Threat Intelligence Sharing Enables Security Collaboration
The Benefits of Cross-Sectoral Threat Intelligence Sharing
What is a Connected Threat Intelligence Platform (TIP)?
How Useful is MITRE ATT&CK Framework in Threat Intelligence?
Significance of Threat Intelligence Platform (TIP) for Growing Teams
Combining SOAR and TIP for Intel-Driven SecOps
What is the Role of Threat Intelligence Platform (TIP) in a Security Operations Center (SOC)?
What is the Hub and Spoke Information Sharing Model?
The Concept of Pyramid of Pain
What are the Different Use Cases of a TIP?
Why Do MSSPs Need Automation?
What is the Diamond Model of Intrusion Analysis?
The Evolution of Threat Intelligence
Don’t Wait! Leverage Threat Intelligence
Why do Organizations Need to Leverage Actionable Threat Intelligence?
What is Technical Threat Intelligence?
What is Operational Threat Intelligence and Why is it Important?
What is Tactical Threat Intelligence and Why is it Important?
What is the Threat Intelligence Lifecycle?
Everything You Need to Know About a Threat Intelligence Platform (TIP)
5 Steps to Effective Cyber Threat Intelligence Program
Things to Consider When Choosing the Right Threat Intelligence Platform
Open Source or Commercial Threat Intelligence Platform - Which one is better?
What is Strategic Threat Intelligence Sharing and Why is it Important?
What is a Threat Intelligence Platform (TIP)?
Strategic vs. Tactical Threat Intelligence
Role of SOAR and TIP in Cyber Fusion
Information Sharing in Cyber Fusion
Role of Threat Intelligence in Cyber Fusion
What is Malware Information Sharing Platform (MISP)?
What is Signals Intelligence (SIGINT)?
What are Indicators of Compromise (IoCs)?
What is MITRE ATT&CK Framework?
What is Open Indicators of Compromise (OpenIOC) Framework?
What is the Cyber Information Sharing and Collaboration Program (CISCP)?

Related Guides

What is a TAXII Server? How is it Different from a TAXII Client?
Everything You Need to Know About MITRE ATT&CK Framework
What is Cyber Threat Intelligence Sharing? And Why Should You Care?
Threat Intelligence Processing: The Key to Leveraging Unstructured Data
Walls Can Talk: An Introduction to Internal Cyber Threat Intelligence
Why is Correlation the Most Important Phase in Cyber Threat Intelligence Lifecycle?
What is Confidence Scoring in Threat Intelligence?
How to Choose the Best Threat Intelligence Platform for Your Security Team?
How to Build Your Own Cyber Information Sharing Community?
What is STIX 2.1? How is it Different From STIX 2.0?
What is STIX 2.x? How is it Different from STIX 1.x?
How Can You Tell if Your Cyber Threat Intelligence Program is Working Well?
What is Threat Intelligence Analysis?
What is Threat Intelligence Normalization?
What is Threat Intel Ingestion?
How Real-Time Cyber Threat Intelligence Sharing Enables Security Collaboration
The Benefits of Cross-Sectoral Threat Intelligence Sharing
What is a Connected Threat Intelligence Platform (TIP)?
How Useful is MITRE ATT&CK Framework in Threat Intelligence?
Significance of Threat Intelligence Platform (TIP) for Growing Teams
Combining SOAR and TIP for Intel-Driven SecOps
What is the Role of Threat Intelligence Platform (TIP) in a Security Operations Center (SOC)?
What is the Hub and Spoke Information Sharing Model?
The Concept of Pyramid of Pain
What are the Different Use Cases of a TIP?
Why Do MSSPs Need Automation?
What is the Diamond Model of Intrusion Analysis?
The Evolution of Threat Intelligence
Don’t Wait! Leverage Threat Intelligence
Why do Organizations Need to Leverage Actionable Threat Intelligence?
What is Technical Threat Intelligence?
What is Operational Threat Intelligence and Why is it Important?
What is Tactical Threat Intelligence and Why is it Important?
What is the Threat Intelligence Lifecycle?
Everything You Need to Know About a Threat Intelligence Platform (TIP)
5 Steps to Effective Cyber Threat Intelligence Program
Things to Consider When Choosing the Right Threat Intelligence Platform
Open Source or Commercial Threat Intelligence Platform - Which one is better?
What is Strategic Threat Intelligence Sharing and Why is it Important?
What is a Threat Intelligence Platform (TIP)?
Strategic vs. Tactical Threat Intelligence
Role of SOAR and TIP in Cyber Fusion
Information Sharing in Cyber Fusion
Role of Threat Intelligence in Cyber Fusion
What is Malware Information Sharing Platform (MISP)?
What is Signals Intelligence (SIGINT)?
What are Indicators of Compromise (IoCs)?
What is MITRE ATT&CK Framework?
What is Open Indicators of Compromise (OpenIOC) Framework?
What is the Cyber Information Sharing and Collaboration Program (CISCP)?

The Virtual Cyber Fusion Suite