
threat intelligence feed (TI feed)

A threat intelligence feed (TI feed) is an ongoing stream of data related to potential or current threats to an organization's security. TI feeds provide information on attacks, including zero-day attacks, malware, botnets and other security threats. TI feeds are vital components of security infrastructure that help identify and prevent security breaches. Threat intelligence can be used to implement more granular security policies, as well as to identify potential characteristics or behaviors associated with a given threat.

What is a threat intelligence feed?

Intelligence, in the military and other contexts, including business and security, is information that provides an organization with decision support and, possibly, a strategic advantage. Threat intelligence is a field within information security that focuses on collecting, analyzing and sharing data to help organizations gain visibility into their digital risks.

Threat intelligence is gathered to help organizations understand emerging threats in the cybersecurity landscape, including zero-day threats, advanced persistent threats and exploits. Threat actors may also include internal and partner threats, but the emphasis is on outside sources that might cause the most damage to a particular organization's environment.

Researchers, including information security analysts and security officers, collect data about possible threats from public and private sources. They analyze the data and create curated lists, or feeds, of potentially dangerous activity. Corporations and security professionals can then receive this information to determine potential risk and when they may need to respond to a cyber threat.

[Figure: Threat intelligence 101]

Sources of threat intelligence data

Types of TI feeds include free indicator feeds, paid feeds, bulletins, internal intelligence gathering and strategic partnerships. Organizations within the network security community offer free, open source TI feeds, including the SANS Institute Internet Storm Center and the U.S. Department of Homeland Security's Automated Indicator Sharing program. Such feeds are sometimes said to consist of threat data rather than threat intelligence because the data has not been analyzed and processed, as the term intelligence implies.

Other options include commercial products that provide vetted and aggregated data, as well as information-sharing communities specific to particular industries or focus areas. Free feeds need the most checking in terms of accuracy, but even information from paid feeds and bulletins should be subjected to regression testing and have Internet Protocol (IP) addresses and domains investigated to avoid accidentally blocking too many addresses.
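One way to run that check before feed entries reach a blocklist is sketched below. It is an added example, not part of the original definition or of any vendor's product; the protected networks, protected domains, prefix limits and feed lines are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample policy: assets the business must never block.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]
PROTECTED_DOMAINS = {"mail.example.com", "partner.example.net"}
MIN_PREFIX = {4: 24, 6: 48}  # assumed policy: anything broader is rejected
DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}")

def check_indicator(value):
    """Return None if the indicator is safe to block, else the reason it is not."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return check_domain(value)  # not an IP or CIDR, so treat it as a domain
    if net.prefixlen < MIN_PREFIX[net.version]:
        return f"too broad (/{net.prefixlen})"
    for protected in PROTECTED_NETS:
        if net.version == protected.version and net.overlaps(protected):
            return f"overlaps protected network {protected}"
    return None

def check_domain(domain):
    """Reject malformed names and names whose block would cover a protected domain."""
    if not DOMAIN_RE.fullmatch(domain):
        return "not a valid IP, CIDR or domain"
    for protected in PROTECTED_DOMAINS:  # blocking a domain blocks every name beneath it
        if protected == domain or protected.endswith("." + domain):
            return f"would block protected domain {protected}"
    return None

def vet_feed(lines):
    """Return (accepted, rejected): a list of entries and a dict of entry -> reason."""
    accepted, rejected = [], {}
    for line in lines:
        value = line.strip().lower().rstrip(".")
        if not value or value.startswith("#"):
            continue  # blank lines and comments carry no indicator
        reason = check_indicator(value)
        if reason is None:
            accepted.append(value)
        else:
            rejected[value] = reason
    return accepted, rejected

# Constructed feed lines (documentation address ranges, reserved example domains).
SAMPLE_FEED = ["203.0.113.7", "10.20.30.40", "198.51.0.0/16", "bad.example.org", "example.com"]

if __name__ == "__main__":
    print(vet_feed(SAMPLE_FEED))
```

Rejected entries are held for an analyst to investigate rather than silently dropped, so a bad feed line is noticed instead of masked.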

For a list of the top feeds, read "5 cyber threat intelligence feeds to evaluate."

Features of threat intelligence platforms

Threat intelligence platforms have emerged to help businesses and security professionals view multiple TI feeds at once and to interface with other security products and tools they may be using. Common features of platforms include:

  • Security analytics. The main goal of threat intelligence platforms is to provide an organization or business with a single, unified interface to streamline the collection and analysis of threat intelligence data. Platforms may integrate with security tools like security information and event management, next-generation firewalls and endpoint detection and response. Security analysts or IT security staff may need to be specially trained by the platform to manage data feed information.
  • Consolidated data feeds. Intelligence platforms compile data feeds from multiple sources, such as a vendor's own global database and publicly available feeds. Examples of data feeds may include IP addresses, malicious domains/URLs, phishing URLs, malware hashes and more.
  • Alerts and reports. Platforms typically provide real-time alerts and generate reports based on daily, monthly or quarterly data. The reports may include information on emerging threats and threat actor motives.

[Figure: Threat intelligence platforms combine several feeds]

Threat intelligence use cases

Business and IT leaders can use TI feeds and the data they provide to improve many aspects of information security, including:

  • Security operations. A threat intelligence program can give security operations teams the ability to identify and disrupt attacks and to develop effective strategies for defending against them. Threat intelligence can also help security teams contain attacks that are already underway.
  • Incident response. Security analysts use threat intelligence to identify threat actors, their methods and the potential vectors they use to gain access to systems. Armed with this knowledge, security staff can then predict which systems are most at risk and focus their resources on protecting those systems.
  • Vulnerability management. Threat intelligence can help security professionals combat threats by providing accurate and timely information on new and emerging threats, vulnerabilities and exploits.
  • Risk analysis. Threat intelligence provides contextual data for organizations when evaluating their risk profile. It is especially helpful for those using risk modeling to determine investment priorities.
  • Fraud prevention. Threat intelligence helps with fraud prevention by giving companies the knowledge they need to identify threats before they can cause major damage. For example, organizations may use threat intelligence to prevent typosquatting, compromised data and payment fraud.
  • Security leadership. Security leaders can benefit from using threat intelligence as a critical resource to assess business and technical risks and communicate those risks to management.

Learn more about using threat intelligence to protect corporate assets in "Threat intelligence frameworks to bolster security."

This was last updated in August 2021
