Analyst firm Gartner defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”
That’s a mouthful, and it still leaves many in the dark about what all those words strung together might mean.
Simply put, threat intelligence is what you get after you collect and aggregate data from different sources, enrich it by applying relevant information, and analyze the resulting package to find answers.
Raw data are often mislabeled as intelligence. Log files and systems for aggregating event data are being relabeled as ‘threat intelligence.’ Collecting and analyzing data aren’t enough—the result has to feed into some kind of business purpose to be called ‘intelligence.’
Threat intelligence requires context, and it must be delivered in a form that can be used. ‘Contextualized intelligence’ contributes to the cacophony of noise without adding any new meaning. For a bonus eyeroll, let’s ban the word-soup that is ‘cyber threat intelligence.’
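As an added illustration that is not part of the original post, the following toy Python pipeline walks the collect, aggregate, enrich and analyze steps described above over constructed log lines and constructed asset context, so the gap between raw events and a usable, contextualized finding is visible in code. Every address, asset and rule in it is made up for the example.

```python
# Added example (not from the original post): a toy pipeline that turns raw
# event data into something closer to the post's definition of intelligence:
# collect -> aggregate -> enrich with context -> analyze into actionable advice.
from collections import Counter, defaultdict

# Constructed raw log lines: the "data" the post says is not yet intelligence.
RAW_EVENTS = [
    "2024-05-01T10:00:01 src=203.0.113.7 dst=10.0.0.5 action=login_failed",
    "2024-05-01T10:00:03 src=203.0.113.7 dst=10.0.0.5 action=login_failed",
    "2024-05-01T10:00:04 src=203.0.113.7 dst=10.0.0.5 action=login_failed",
    "2024-05-01T10:00:09 src=203.0.113.7 dst=10.0.0.5 action=login_success",
    "2024-05-01T10:05:00 src=198.51.100.9 dst=10.0.0.9 action=login_failed",
    "2024-05-01T10:06:00 src=192.0.2.44 dst=10.0.0.5 action=login_success",
]

# Constructed context for enrichment: what each asset is and which sources we
# already expect. This is the "relevant information" the post refers to.
ASSET_CONTEXT = {"10.0.0.5": {"role": "domain controller", "criticality": "high"},
                 "10.0.0.9": {"role": "test VM", "criticality": "low"}}
KNOWN_SOURCES = {"192.0.2.44": "corporate VPN egress"}  # expected, trusted source

def collect(lines):
    """Collection step: parse key=value log lines into dicts."""
    events = []
    for line in lines:
        ts, *kv = line.split()
        ev = dict(pair.split("=", 1) for pair in kv)
        ev["ts"] = ts
        events.append(ev)
    return events

def aggregate(events):
    """Aggregation step: count outcomes per (source, destination) pair."""
    agg = defaultdict(Counter)
    for ev in events:
        agg[(ev["src"], ev["dst"])][ev["action"]] += 1
    return agg

def enrich_and_analyze(agg, assets=ASSET_CONTEXT, known=KNOWN_SOURCES):
    """Enrich each pair with context, then keep only findings a reader can act on."""
    findings = []
    for (src, dst), counts in agg.items():
        if src in known:
            continue  # expected activity: context lets us drop it as noise
        asset = assets.get(dst, {"role": "unknown", "criticality": "unknown"})
        if counts["login_failed"] >= 3 and counts["login_success"] >= 1:
            findings.append({"src": src, "dst": dst, "asset": asset["role"],
                "criticality": asset["criticality"],
                "advice": f"Guessing then success against {asset['role']} {dst}: "
                          f"reset the account, review and contain {src}."})
    return findings
```

Run as a script, only the first source produces a finding: the single failure against the low-value test VM and the expected VPN login are left out, which is the difference between an event feed and a contextualized, usable result.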