Defining Threat Intelligence

In my younger days, I’d enjoy reading many books. I went through a phase where I really enjoyed Stephen King stories. One of my favourites was ‘Christine’, the story of a car that was possessed by a demon or something.

I’d often come across new words that I didn’t understand. This being before the days of the internet, I couldn’t be bothered looking up the word in the dictionary, so I’d try to guess the meaning of the word. Oftentimes I’d be correct or close – but other times I’d be wildly wrong in my assumption.

Often, I wouldn’t know that I was using a word incorrectly until someone would point out that what I was saying / writing made no sense.

In much the same way, I think the term threat intelligence has been adopted by many, but the true meaning, intent, and purpose are understood by few.

I guess I’ve got to that point in life where I am comfortable asking someone what something is when I don’t fully understand it. So, I sought out the opinion of AlienVault’s Russ Spitler, who explained the core concept as being information about malicious actors, their tools, infrastructure and methods.

A more detailed breakdown of Russ’s thoughts can be found in an interview here.