Data must be analyzed before it can be considered threat intelligence. Once it has been analyzed and is actionable, it becomes threat intelligence. The data needs context around it to become intel.
Cyber Threat Intelligence (CTI) is a precautionary measure that companies use or contribute to so that other corporations do not get hit with the same attacks. Of course, adversaries change their TTPs all the time, so the TI landscape is constantly changing.
Vendors and corporations will sometimes share their collected CTI in what are called ISACs or Information Sharing and Analysis Centers. ISACs collect various indicators of an adversary that other corporations can use as a precaution against adversaries.
Threat Intelligence is also broken up into three different types.
Strategic
Tactical
Operational
TTP is an acronym for Tactics, Techniques, and Procedures, but what does each of these terms mean?
TI is an acronym for Threat Intelligence. Threat Intelligence is an overarching term for all collected information on adversaries and TTPs. You will also commonly hear CTI, or Cyber Threat Intelligence, which is just another way of saying Threat Intelligence.
According to the National Council of ISACs, "Information Sharing and Analysis Centers (ISACs) are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators". ISACs can be community-centered or vendor-specific. ISACs include CTI from threat actors as well as mitigation information in the form of IOCs, YARA rules, etc. ISACs maintain situational awareness by sharing and collaborating to maintain CTI, through a National Council of ISACs.