Defense & Operations
Cyber Threat Intelligence (CTI)
Also known as: Threat intelligence, CTI
Definition
Evidence-based, contextualised knowledge about cyber threats that helps defenders make faster, better-informed security decisions.
Cyber Threat Intelligence is the discipline of collecting, processing, and analysing data about adversaries — their motives, capabilities, infrastructure, and tradecraft — and turning it into actionable knowledge. Sources range from open-source feeds and dark-web forums to commercial vendors, ISACs, and an organisation's own telemetry. Good CTI is timely, accurate, relevant, and tailored to a specific audience (executives, hunters, SOC analysts). It feeds detections, hunts, vulnerability prioritisation, and strategic planning, and is typically segmented into strategic, operational, and tactical levels.
Examples
- A report attributing a wave of healthcare ransomware to a specific affiliate and listing their TTPs and IoCs.
- Weekly intelligence briefings sent to the executive team about geopolitical risks affecting the company.
Related terms
Threat Intelligence
Evidence-based knowledge about threats and threat actors — including indicators, TTPs and context — used to guide security decisions and detection.
Tactical Threat Intelligence
Strategic Threat Intelligence
Operational Threat Intelligence
Indicator of Compromise (IoC)
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques observed in real-world attacks, maintained by MITRE.