LetsDefend Academy

Online practicing and training platform for blue team members

Cyber Threat Intelligence (CTI)

What is Cyber Threat Intelligence?

If you are working in a defensive area in cyber security, you know that your organization is exposed to many attacks throughout the day.

Intelligence plays as important a role in cyber conflict as it does in conventional warfare. With it, you can build the necessary defense mechanisms before attacks occur and stay one step ahead of attackers.

If you know others and know yourself, you will not be beaten in a hundred battles.
If you do not know others but know yourself, you win one and lose one.
If you do not know others and do not know yourself, you will be beaten in every single battle.

Sun Tzu

Cyber threat intelligence is a type of intelligence that collects data from many sources, filters and analyzes it, and determines the motivations, targets and TTPs of the cyber attacks and cyber threat actors that may target your organization.

CTI Lifecycle

Cyber threat intelligence goes through the following life cycle.

  1. Planning: Determining the purpose, objective and requirements of the CTI
  2. Collection: Collecting data from many sources
  3. Processing: Processing the collected data and making it ready for analysis
  4. Analysis: Analyzing the processed data, transforming the information into intelligence and making it ready for sharing
  5. Dissemination: Sharing threat intelligence data
  6. Feedback: Determining whether arrangements should be made for future threat intelligence operations by taking feedback from the reports shared.

Benefits of Cyber Threat Intelligence

Different threat intelligence services can provide you with different reports. In general, your organization can benefit in the following ways.

  • By providing intelligence information on cyber threat actors, it gives you the chance to closely monitor threat actors who could harm your organization.
  • By sharing IOC information obtained from cyber attacks against other organizations, it helps you overcome possible attacks or use that IOC information to check whether you are affected by the cyber incident.
  • It allows you to detect shared content that may damage brand value.
  • It allows you to detect internal threats.
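
The IOC check mentioned in the second benefit, together with the Processing step of the lifecycle, can be sketched as follows. This is an added example, not LetsDefend's code; the feed entries, log format, field names and function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample feed as it might arrive from a sharing partner:
# defanged, mixed case, duplicated, with one junk entry.
RAW_FEED = [
    "203.0.113[.]45",
    "hxxp://updates.bad-domain[.]example/login",
    "UPDATES.bad-domain.example",
    "a" * 64,  # placeholder SHA-256, not a real hash
    "not an indicator",
]

# Constructed proxy/endpoint log lines in key=value form.
LOGS = [
    "2024-01-10T09:12:01Z host=ws-14 dst=198.51.100.7 url=http://intranet.example/home",
    "2024-01-10T09:13:44Z host=ws-22 dst=203.0.113.45 url=http://updates.bad-domain.example/login",
    "2024-01-10T09:15:02Z host=ws-22 proc=invoice.exe sha256=" + "a" * 64,
]

def normalize(raw):
    """Processing: refang, lowercase and classify one raw value; None if unusable."""
    value = raw.strip().lower().replace("[.]", ".")
    value = re.sub(r"^h(?:xx|tt)ps?://", "", value).split("/")[0]
    try:
        return ("ip", str(ipaddress.ip_address(value)))
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-f]{64}", value):
        return ("sha256", value)
    if re.fullmatch(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", value):
        return ("domain", value)
    return None  # unparseable entries are dropped, not guessed at

def build_ioc_set(feed):
    """Deduplicated set of (type, value) indicators ready for matching."""
    return {ioc for ioc in map(normalize, feed) if ioc}

def find_hits(logs, iocs):
    """Return (host, type, value) for every log field that matches an indicator."""
    hits = []
    for line in logs:
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        for value in fields.values():
            ioc = normalize(value)  # log values get the same normalization as the feed
            if ioc in iocs:
                hits.append((fields.get("host"), *ioc))
    return hits

if __name__ == "__main__":
    for hit in find_hits(LOGS, build_ioc_set(RAW_FEED)):
        print(hit)
```

Normalizing both the feed and the log fields the same way is what lets a defanged or mixed-case indicator match the form it takes in telemetry.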