Threat Intelligence System
Threat intelligence is evidence-based knowledge, including context, indicators, implications, and actionable advice, that can provide information about an existing or emerging threat to an asset that can be used to inform decisions as to how the organization should respond to that threat. Common forms of threat intelligence data include security threats, threat actors, exploits, malware, vulnerabilities, and compromise indicators.
Figure 1 – A threat intelligence system architecture.
Figure 1 shows collection, analysis, distribution and use of analysis information in a threat intelligence system. The data is automatically distributed to attack mitigation components in the enterprise, providing automatic updates of security configurations. The automatic updates can extend to cloud consumers’ browser protection systems.
Attackers commonly attempt to take advantage of web browsers and their vulnerabilities. Threat intelligence can provide whitelists and blacklists of safe and compromised websites that can alert for new vulnerabilities and when security patches are available.