
What are Threat Intelligence Feeds?

Sarah Daily
Posted on October 4th, 2021

Threat intelligence feeds enable organizations to stay informed about indicators of compromise (IoCs) related to various threats that could adversely affect the network. These feeds also help to inform tools like SecurityScorecard’s Security Data by providing a source of information to collect, analyze and share with customers.

What are threat intelligence feeds?

Any cybersecurity risk data that organizations can use to better understand their overall threat landscape is considered threat intelligence. For example, threat intelligence may include data that provides visibility into the current state of the network; identification of IoCs such as anomalous account activity, non-human web traffic behavior, and other irregularities; or recently discovered zero-day exploits.

Threat intelligence feeds are continuous data streams filled with threat information collected by artificial intelligence. These feeds provide information on cybersecurity threats and trends in real time, enabling organizations to proactively defend against attacks. Security teams can also use this information to better understand potential hackers' tactics, techniques, and procedures and improve their security posture accordingly.

A multitude of open-source threat intelligence feeds exist, including the following:

Integrating these feeds into a security platform also makes it possible to leverage threat intelligence and turn it into actionable insights.

How do threat intelligence feeds collect data?

Each threat intelligence feed may collect data from several sources. Potential sources include the following:

  • Open-source data that is collected by and shared among cybersecurity professionals
  • Customer telemetry information from security companies that aggregate this information across multiple organizations/users
  • Crawling the internet to search for exploits and attacks
  • An understanding of malware properties gained by running identified malware in a safe sandbox

Open-source threat intelligence feeds often focus on one specific security area or type of threat, taking data from multiple sources and streaming it in real time. The real-time nature of the feed is critical because time is of the essence when it comes to preventing threats to the network.

Types of threat intelligence

Cyber threat intelligence comes in the following three basic categories:

  • Strategic: This type of threat intelligence offers high-level analysis for less technical audiences. It may include information about business impacts and how the threat fits into broader trends in the threat landscape. Most strategic threat intelligence comes from open sources, such as local and national media, or white papers and reports.
  • Tactical: This type focuses on IoCs to enable immediate threat identification and elimination. Often considered the most basic form of threat intelligence, tactical threat intelligence is more easily generated and often automated.
  • Operational: Operational threat intelligence comes from examining the details of past known attacks. By understanding the details of “who?”, “what?”, and “how?”, security teams gain insight into the motives and sophistication of threat actors.

Security teams must develop a way to best use the feeds. For example, depending on the particular feed, the data may be raw, contain a mix of relevant and irrelevant details, and may not include a clear indication of what to do with the threat information to avoid or mitigate an attack. To handle this, security professionals may use the feeds to generate automatic alerts, or they may integrate these feeds with other security tools, leveraging built-in threat response capabilities and automation.
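The following added example, which is not from the original article or from SecurityScorecard's product, cleans a raw tactical IoC feed and turns matches in proxy logs into alerts. The feed layout (indicator, type, last_seen, confidence), the 30-day and 50-point thresholds, the log format and every sample value are assumptions constructed for illustration.

```python
import csv
import ipaddress
from datetime import datetime, timedelta

# Constructed raw feed: a duplicate, a stale row, a low-confidence row, a malformed value.
RAW_FEED = """\
203.0.113.45,ip,2021-10-03T22:10:00Z,90
203.0.113.45,ip,2021-10-03T22:10:00Z,90
198.51.100.0/28,cidr,2021-10-02T08:00:00Z,75
bad-updates.example,domain,2021-10-01T12:00:00Z,80
old-c2.example,domain,2021-03-01T00:00:00Z,85
192.0.2.7,ip,2021-10-03T09:00:00Z,20
not_an_ip,ip,2021-10-03T09:00:00Z,95
"""
# Constructed proxy log lines: "timestamp source_host destination"
LOG_LINES = [
    "2021-10-04T09:15:02Z ws-014 203.0.113.45",
    "2021-10-04T09:15:07Z ws-022 cdn.bad-updates.example",
    "2021-10-04T09:16:11Z ws-014 198.51.100.9",
    "2021-10-04T09:17:30Z ws-031 old-c2.example",
]

def load_feed(raw, now, max_age_days=30, min_confidence=50):
    """Keep only fresh, confident, well-formed indicators; sets remove duplicates."""
    networks, domains = set(), set()
    rows = csv.reader(raw.splitlines())
    for indicator, kind, last_seen, confidence in rows:
        age = now - datetime.strptime(last_seen, "%Y-%m-%dT%H:%M:%SZ")
        if age > timedelta(days=max_age_days) or int(confidence) < min_confidence:
            continue  # stale or low-confidence rows would mostly add false positives
        if kind == "domain":
            domains.add(indicator.lower().rstrip("."))
        elif kind in ("ip", "cidr"):
            try:
                networks.add(ipaddress.ip_network(indicator, strict=False))
            except ValueError:
                continue  # malformed address: skip this row, keep the rest of the feed
    return networks, domains

def match_logs(lines, networks, domains):  # yields one alert per matching log line
    for line in lines:
        ts, host, dest = line.split()
        try:
            addr = ipaddress.ip_address(dest)
            hit = next((str(n) for n in networks if addr in n), None)
        except ValueError:  # not an IP literal: match the domain or any subdomain of it
            hit = next((d for d in domains if ("." + dest.lower()).endswith("." + d)), None)
        if hit:
            yield {"time": ts, "host": host, "dest": dest, "indicator": hit}
```

With the reference time set to 4 October 2021, the stale domain and the low-confidence address are dropped at load time, so the request to `old-c2.example` produces no alert while the other three log lines do.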

Why is it important for security analysts to leverage threat intelligence?

Because the threat landscape is constantly changing and growing increasingly complex, security analysts need the real-time actionable intelligence that comes from a threat intelligence feed if they want to stay one step ahead of bad actors. Basic security measures simply aren’t enough.

Staying informed on the current state of cyber threats via threat intelligence also provides teams with timely and accurate data, reduces time spent on data collecting, and allows for proactive threat mitigation.

Spend less time collecting data

Threat intelligence that is curated for your organization and delivered automatically saves your security team time. If, instead, the team must sift through data manually, this not only eats into time better spent making decisions or responding to threats but also makes it easier to miss threats or discover them too late.

Automating the more tedious parts of threat intelligence and integrating threat intelligence with your existing security programs and solutions improves your team’s ability to identify and respond to threats with enriched insights. This frees up time, allows you to extend the lifespan of legacy solutions, and even helps maximize your ROI.

Proactively mitigate and address security threats

Threat intelligence feeds allow organizations to create metrics that quantify and rank threats, enabling them to prioritize the most significant potential vulnerabilities. Information from these feeds also helps security teams learn about the methods used by potential hackers, allowing them to better protect against them.

Ultimately this leads to better allocation of time and resources used for threat management, improving monitoring, threat identification, and incident response times, and making it possible to address security threats proactively before they become a problem.

Timely and accurate data

Because threat intelligence feeds deliver threat data in real time, security teams will learn about potential issues as soon as they are discovered. This is key because slower threat responses lead to larger data breaches and significant recovery costs. When the threat data has been intelligently curated and managed, you can also rely on its accuracy. Security teams can correctly identify false positives, for example, and avoid the time and expense of unnecessary threat responses.

SecurityScorecard’s Security Data helps organizations stay up-to-date with the latest threat intelligence

SecurityScorecard’s global security intelligence engine scans the internet to identify vulnerabilities, makes use of honeypots and sinkholes, and combines its findings with data from commercial and open-source threat feeds. Collecting millions of data points and applying advanced machine learning is what made the industry's most comprehensive and relevant security intelligence database possible.

SecurityScorecard’s Security Data provides an unparalleled breadth and depth of cybersecurity information that enables continuous monitoring of risk posture, scaling of risk management programs, and reduction of costs.

SecurityScorecard's Security Data product is a global security intelligence engine that leverages a number of threat intelligence feeds to provide the world's most comprehensive source of cybersecurity data.
