Cofense Email Security

What is the difference between threat feeds and threat intelligence feeds?

What are Threat Feeds?

Threat feeds are a valuable way to gather information regarding adversaries and their capabilities and infrastructure. Threat feeds are made up of a large quantity of data but are usually not intelligence. 

What are Threat Intelligence Feeds?

Threat Intelligence Feeds are actionable threat data related to artifacts or indicators, collected from third-party vendors so that you can learn from other companies’ visibility and access and enhance your own cyber threat response and awareness. Threat Intelligence Feeds concentrate on a single area of interest.

Then there are free threat feeds. These are almost always defined as data gathered solely from open sources. Because these threat feeds are essentially non-prioritized lists of data that come without context, they can sometimes add to the burden of a SOC, rather than reduce it. 

Sometimes a free feed can cost your organization time and resources, and free feeds are often not relevant to your business and security objectives. Threat data does not equal threat intelligence. But this doesn’t necessarily make feeds that provide raw data useless: they can still play a role in producing intelligence. Often, free threat feeds are the first place where organizations begin their threat intelligence journey.

When building a security program, organizations will often turn to free threat feeds when trying to assess their specific needs. However, to effectively evaluate a threat feed, you should ignore the “more feeds, more intel” mindset. Instead, focus on the relevance of the intelligence provided to your security and business operations and the source from which the intelligence is gathered. It’s a common misconception that a large quantity of threat intelligence feeds leads to more effective security. Unfortunately, threat feed overindulgence can lead to confusion, disorganization, and inaccurate threat reports. 

On the surface, threat intelligence feeds are precisely what they sound like — continuously updated feeds that provide external information or data on existing or potential risks and threats. In practice, however, the type of context (or lack thereof) these feeds provide is what sets them apart from each other. With a threat intelligence feed, there are things to consider like update frequency, context, timely information, and delivery format.

The purpose of monitoring a threat feed is to find useful information about dangers online and the adversaries behind them. One critical step that most organizations need to take on their path to maturing a cybersecurity posture is to acquire threat feed data. 

Looking at intelligence reports about the various threats targeting organizations can provide a lot of awareness about cyber dangers and threat actors. But some organizations equate security with the number of feeds they subscribe to, not realizing that their analysts couldn’t possibly monitor the hundreds or thousands of threat reports generated every day. Having too many threat feeds is almost as bad as not having any at all. Unless you have some way of managing that information, there is just too much noise to identify the relevant attack reports needed to protect your organization.

Understanding how and from where your feeds get their information will help determine the process that turns data into actionable intelligence. All organizations need threat feeds and threat intelligence feeds, but putting context around them is the crucial part.

Cofense Intelligence

Cofense Intelligence provides the phishing alerts, information, and insights you need to proactively defend your organization against phishing threats. Our unique combination of Artificial Intelligence, Machine Learning and Human Intelligence, paired with our 35M+ global reporters, makes it easy to get the information you need to protect your organization.

With Cofense’s unique security intelligence, you are armed with the weapons you need to identify, block, and investigate threats hitting your enterprise daily. This precise information is available in multiple forms for your teams to prepare for and respond to active attacks on your network:

  • Human-readable threat intelligence reports provide deep-dive and trending analysis of your biggest threats. These reports include our expert analysis of the attack methodology. 
  • Machine-readable threat intelligence (MRTI), or threat intelligence that can feed directly into security devices and threat repositories. Firewalls, IDS/IPS, and SIEM can now detect and block emerging threats at the earliest stages of the attack.
  • SaaS investigation apps to investigate phishing and malware attacks. These on-demand tools provide the latest insight on which attacks are related and how the attacks are being executed.
  • Expert guidance from Cofense’s world-class security team to implement best practices to reduce threats against your network.

Phishing emails with malicious attachments or links continue to be a threat that bypasses most organizations’ security stacks and reaches the end user. Cofense takes a fundamentally different approach in identifying threats as they emerge daily—before your network gets hit.

Frequently Asked Questions

Threat feeds are a mechanism for users to receive current data on cyber intrusions, phishing and other types of fresh information on malicious activity. They are continuous data streams compiled via artificial intelligence to provide insights into risks and trends as they occur.

As with threat feeds, threat intelligence feeds compile and continuously update data regarding the threat landscape. This information is fed in real time to designated users to help them quickly and constantly evaluate possible cybersecurity threats. Threat intelligence information provided in the feeds can include information about the network and indicators of compromise (IoCs) such as anomalous account activity, nonhuman web-traffic anomalies and other irregularities. These feeds inform security teams, providing intelligence that helps them quickly prioritize and disposition issues.

Cofense Intelligence is a cybersecurity service designed to help enterprises stop dangerous malware and phishing attacks. Proprietary methods automatically identify top threats to the enterprise. Cofense Intelligence provides timely and actionable information, tools and coaching to enable businesses to decisively respond to attacks that would otherwise go undetected. Cofense’s actionable intelligence is deliverable in multiple forms, reliable, published throughout the day, contextual and user friendly.
