What are the first things that come to mind when you think about threat intelligence? Is it STIX/TAXII? CybOX? Third-party threat feeds? Indicators of compromise (IoCs)? These threat intelligence solutions all have one thing in common: They are mainly focused on the tactical level. That means they provide information to the tier-one and tier-two analysts within your security operations center (SOC).

Moved to Tiers

An effective threat intelligence capability is pervasive and persuasive up to the highest levels of an organization, including the chief information security officer (CISO), other executives and the board. It should have a firm grasp of information levels and flows and be able to provide actionable intelligence strategically, operationally and tactically.


At the strategic level, threat intelligence is the ability to contextualize the perceived threat into what it means for the business. It presents highly relevant information clearly, concisely and without jargon and outlines mitigation strategies to aid in the decision-making process. This capability is absolutely vital. If intelligence is not behind the wheel of your security vehicle, what is?


Threat intelligence should be an indispensable component of any enterprise network’s day-to-day defense. Your threat intelligence analyst can help you understand how information flows between relevant teams and stakeholders, what actions should be taken and how it all relates to security policies, processes and procedures. Are your teams flooded with irrelevant information, or is there a steady stream of actionable intelligence?


So your security strategy is now intelligence-driven, and the flow of information is entrenched in business-as-usual working practices. What now?

You might focus on delivering relevant, reliable intelligence to the lower-tier analysts at the security incident and event monitoring (SIEM) coalface. You can save valuable analyst time by scrutinizing the IoCs and feeds received with an understanding of the attack surface to filter out irrelevant information.

Threat Intelligence: Where to Start?

Need help developing your threat intelligence capability? See how IBM’s Security Intelligence and Operations Consulting (SIOC) services and X-Force Threat Intelligence can help you do things more intelligently.

More from Intelligence & Analytics

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…

What Can We Learn From Recent Cyber History?

The Center for Strategic and International Studies compiled a list of significant cyber incidents dating back to 2003. Compiling attacks on government agencies, defense and high-tech companies or economic crimes with losses of more than a million dollars, this list reveals broader trends in cybersecurity for the past two decades. And, of course, there are the headline breaches and supply chain attacks to consider. Over recent years, what lessons can we learn from our recent history — and what projections…

When Logs Are Out, Enhanced Analytics Stay In

I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.” “Why would they do that?” I asked. I spent the majority of my career in hardware — enterprise hardware, cloud hardware, and just recently made the jump to security software, hence my question. “Because SIEMs are hard to use. A SIEM purchase is just a checked…

4 Most Common Cyberattack Patterns from 2022

As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape. It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful. In this article, we’ll round up some of the most common cyberattack patterns we…