What is threat intelligence? Simply put, it’s evidence-based knowledge about a cyber menace that can help inform your team’s response. The best threat intelligence includes context, mechanisms, indicators, implications, and actionable advice. Yet despite it being an easy-to-grasp concept, threat intelligence is one of the most widely misunderstood aspects of cybersecurity today.

Many people don’t understand the distinction between different aspects and types of threat intelligence. This means they’re missing out on how valuable it can be in preventing attackers from wreaking extensive damage.

The result is a dangerous delay in attack detection and potential response. A recent survey from the Anomali Threat Research team and Harris Poll of 800 cybersecurity decision makers shows that, on average, enterprises take several days to detect known cyberattacks. For example, it takes 2.9 days to detect attacks from nation states and 3.6 days to detect attacks from cybercriminal organizations.

To understand this delay and how relevant threat intelligence can help, let’s start with an analogy.

Alarms can tell you something happened.

Organizations can treat cybersecurity like a homeowner treats home security, installing an alarm to protect the house from break-ins. Assuming the sensor is activated, the alarm goes off once someone breaks in. Hopefully, the police arrive in time to arrest the thief. However, the homeowner is left to repair the damages—and, of course, there’s the risk that the police don’t arrive in time or that the thief knows a way around the sensor.

The point is that the alarm doesn’t enable the homeowner to prevent a specific break-in. Instead it helps to mitigate the damage once a break-in occurs.

In the cybersecurity world, this is similar to security controls that issue an alarm if they recognize that a cyberattack is happening.
If the organization is lucky, it can then quickly respond to block the attacker and limit further damage—but who wants to depend on luck when it comes to cybersecurity?

Threat intelligence tells you something is about to happen.

Now think about what takes place before a home break-in. Would-be burglars often conduct reconnaissance, driving through the neighborhood to see which homes have alarms. They might ring the doorbell to make sure no one is home. A smart doorbell could capture this video. Correlating this video with other security feeds from the street could show that the same person has been conducting reconnaissance and is likely to attempt a break-in.

With knowledge of an impending break-in, the homeowner or a group of homeowners could take steps to prevent it. They could invest in private security patrols, start a neighborhood watch program, or provide police with information that points to the perpetrators.

That’s the value of relevant threat intelligence. You can identify bad actors and behaviors ahead of a damaging attack, predict what will happen, and take preventive action. Here are some questions that relevant threat intelligence can answer:

With relevant threat intelligence, security teams get the context needed to prevent attacks and address threats rapidly and effectively.

What if the problem is too much threat intelligence?

Unlike the homeowner in our analogy, an enterprise faces huge amounts of information about potential threats. There are billions of malicious IP addresses at any point in time and tens of billions of events happening on the network. It’s a continuously evolving, enormous data set.

That’s not all an enterprise needs to think about, either. What about the servers on your network? Which ones have been touched by threats, are misconfigured, or are vulnerable to a new threat? Can your team continuously compare a billion data points to answer these questions?
Not likely.

Big data analytics can hone your focus on relevant threat intelligence.

To make threat intelligence relevant and actionable, you need a big data solution. This automates the process of collecting and analyzing internal and external threat information and intelligence, including indicators of compromise (IOCs), observed behaviors, adversary knowledge, and threat models.

By automatically analyzing and transforming threat intelligence, the right solution helps security teams quickly understand threats, determine impact, and respond quickly—like the savvy homeowner who recognizes reconnaissance and takes steps to prevent a break-in.

Now that you better understand threat intelligence, how can you use it to improve your security operations? Watch the webinar “Climbing the Threat Intelligence Maturity Curve” to get helpful, real-world insights.