What Is Threat Intelligence?

The term “threat intelligence” is thrown around a lot these days, but it isn’t just hype. Here’s why it matters.

  • January 24, 2022 | Author: Khali Henderson

It’s a gross understatement to just say that cyberthreats are evolving faster than traditional enterprise security can keep up. Organizations large and small are straddling an impossible line between leniency that raises risk and restrictiveness that crushes security analysts in alerts. The right threat intelligence solution can help your clients strike the vital balance between operating without impediments and protecting systems and infrastructure from cyberthreats.

Threat Intelligence Components

Confusion between antivirus definitions and advanced cybersecurity solutions is most pronounced when it comes to threat intelligence. Yes, threat intelligence applications log and defend against known threats. But that’s just a baseline. Market-leading threat intelligence solutions can deliver much more, including:
  • IP reputation: there are billions of IP addresses, millions of domains and billions of URLs. How many can top-end solutions scan? All of them. In fact, Webroot’s BrightCloud Threat Intelligence service uncovers 60,000 malicious IP addresses every day.
  • Anti-phishing in real time: here’s a tidbit you likely didn’t know: the most dangerous phishing sites are live for just minutes (or maybe hours), not days. Static phishing lists fall flat against this level of dynamic threat. In fact, many threats have jumped to new URLs before those lists are even published. The answer? Real-time link analysis. Real-time defense can make all the difference given the massive successes cybercrooks are racking up in phishing scams.
  • Streaming malware detection: the key to stopping dynamic threats is to leverage machine learning to scan files packet by packet at the edge-device level. 
  • File reputation: good files and bad files have “tells.” Advanced threat intelligence solutions know the difference in real time. When we encounter threats or people we don’t trust in our offline lives, there’s usually something that just doesn’t look or feel right. Maybe we can’t put our fingers on it, but we simply don’t trust the person or situation in front of us. Through machine learning, that same ability to steer clear of trouble applies to cyberthreats. Threat intelligence solutions may not have human intuition to rely on, but they know, through billions upon billions of scans and outcomes, not just what threats tend to look like, but what benign data traffic, URLs, files, etc. tend to look like as well.
  • Predictive intelligence: from this comprehensive information gathering, threat intelligence algorithms can also detect threats that have never been seen before. And in the case of the most powerful solutions, they can predict where threats are likely to emerge, even from previously (or currently) benign sources.
  • Support for remote and mobile work: work from home – or work from anywhere – is here to stay. The best solutions can protect users and devices everywhere. 

Talking with clients

Like so many aspects of cyber resilience, discussions with many clients about their need for threat intelligence begin with a frank talk about how antivirus isn’t enough. From there, you can break down all the features of threat intelligence, which exposes the limitations of basic antivirus just as a matter of course.

For clients that know they need more than antivirus and are building out cyber resilience a block or two at a time, we recommend leading with the three big benefits that tend to resonate the most:
  • Real-time anti-phishing that protects them from human error
  • Comprehensive coverage for both fixed and mobile devices
  • Machine-learning intelligence that protects them from all known threats as well as unknown threats
