Threat intelligence
Threat intelligence is controlled, calculated, and refined information about potential or current attacks that threaten an organization. Its primary purpose is to ensure that organizations are aware of current risks, such as Advanced Persistent Threats (APTs), zero-day exploits, and other severe external threats. For example, a million credit cards are stolen from retail Company A through APTs, and this alert has already been passed on to Company B so that it can step up its security.
However, organizations are most likely to take a very long time to make an actionable decision, due to a lack of trusted sources and the cost involved given the nature and probability of the threats. In the preceding example, Company B may have 2,000 stores to replace, or may have to halt all transactions.
This information can potentially be used by attackers to exploit the network. However, gathering it is considered a passive reconnaissance activity, since no direct attack has yet been launched on the target.
Penetration testers or attackers will always subscribe to open-source threat intelligence frameworks, such as STIX and TAXII.