Threat Intelligence is derived from continuously analyzing extremely large amounts of data with the goal of organizing and adding context to actual cyber threat activities, trends and attacks. Threat intelligence can come from external threat intelligence feeds, internal networks, analyzing past attacks, and human research.
When threat intelligence is leveraged businesses can use it to proactively update their endpoint and network security in real-time without the need of manually updating network security environments. This allows organizations to continuously stay ahead of cyber threats and cyber criminals while adding more certainty that they're protected from the latest cyber attacks.
The best threat intelligence is typically gathered by always-on active sensors (threat feeds), machine learning and artificial intelligence (AI). Antivirus programs can act as active sensors that feed data into a common threat intelligence network which is then used by the entire user base. When one endpoint device encounters a threat, that intelligence can automatically update the greater threat intelligence network. Artificial intelligence and machine learning is essential when it comes time to turn mass amounts of data into actionable threat intelligence.
A threat intelligence network is a collection of always-on, always updating and always learning feeds that create the foundation of cloud based network security. The power of threat feeds allow individual devices and networks to leverage the intelligence of millions of devices to protect their endpoints and networks.
Top threat intelligence feeds can have hundreds of millions of devices acting as security sensors that feed threat intelligence to all users that subscribe to that feed. Hundreds of thousands of security updates per day can occur automatically and seamlessly to end users and networks.
With a robust threat intelligence network, policies can follow users wherever they go to ensure their protected from worldwide threats. Any requests for the internet initiated by a user on travel will get processed quickly at the nearest data center, but reporting, alerts, logs, and the like will stay in the user’s preferred geography.
Many businesses are finding that cloud based network security can ultimately replace legacy firewalls, appliances, software and much of the resources required to patch and update in traditional environments. That is why threat intelligence network technology is gaining in popularity and pushing cloud based network security and security as a service into small and medium sized businesses.