Cyber Threat Intelligence (CTI)
What is Cyber Threat Intelligence (CTI)?
Cyber Threat Intelligence (CTI)Evidence-based knowledge about adversaries, their motivations, and methods, used to inform defensive decisions and prioritize controls.
Cyber Threat Intelligence is the discipline of collecting, processing, analyzing, and disseminating information about cyber threats so that defenders can make better decisions. It transforms raw signals (malware samples, leaked credentials, dark-web chatter, telemetry) into curated intelligence about who is targeting the organization, what they want, and how they operate. CTI is usually divided into strategic, operational, and tactical tiers, each serving a different audience from executives to SOC analysts. Mature programs feed CTI into SIEM, EDR, vulnerability management, and incident response, shortening detection and response time.
● Examples
- 01
Receiving a STIX/TAXII feed of IoCs associated with a ransomware affiliate.
- 02
Briefing the board on geopolitical risk influencing the threat landscape.
● Frequently asked questions
What is Cyber Threat Intelligence (CTI)?
Evidence-based knowledge about adversaries, their motivations, and methods, used to inform defensive decisions and prioritize controls. It belongs to the Defense & Operations category of cybersecurity.
What does Cyber Threat Intelligence (CTI) mean?
Evidence-based knowledge about adversaries, their motivations, and methods, used to inform defensive decisions and prioritize controls.
How do you defend against Cyber Threat Intelligence (CTI)?
Defences for Cyber Threat Intelligence (CTI) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Cyber Threat Intelligence (CTI)?
Common alternative names include: Threat intelligence, CTI.