Definitions[]
Threat intelligence is
“ | the acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities that offer courses of action to enhance decision making. Threat intelligence and collaboration includes gathering, monitoring, analyzing, and sharing information from multiple sources on cyber threats and vulnerabilities.[1] | ” |
“ | [t]hreat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes.[2] | ” |
Overview[]
"Devices that manage switches, routers and firewalls often operate by digesting threat intelligence, converting that intelligence into rules, and sending those rules out to intra-network devices such as firewalls, routers and switches that match rules to packets. The ability to apply measures in real-time to new or different rules after the packet has cleared the gatekeeping firewall is called proactive security, which is a newer and more effective technology.[3]
References[]
- ↑ Cybersecurity Assessment: General Observations, at 3.
- ↑ NIST Special Publication 800-171B, App. B, at 51.
- ↑ Centripetal Networks, Inc. v. Cisco Sys., Inc., 2020 WL 5887916, at *7 (E.D. Va. Oct. 5, 2020).