About Cofense
About Cofense
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response

Welcome to the Cofense Blog

Get the latest information on phishing threats and trends, BEC, ransomware and credential phishing, plus Cofense product updates.

Follow us on Social Media

There’s threat data and then there’s threat intelligence, do you know the difference?

The intelligence-led security approach is gaining traction in corporate security circles.  However, we’ve noticed that the term threat data is often confused with threat intelligence.

It’s an easy mistake to make, yet very important to distinguish between the two – one represents the “old way of doing things,” while the other brings about a new era in corporate security and brand protection. In this article, we’ll discuss threat intelligence and how it differs from threat data.

The Difference between Threat Intelligence and Threat Data

#1: Threat intelligence is verified. Threat data is just a list.

Modern threat intelligence has been verified, while traditional threat data is a list of random data points, such as IP addresses or URLs.  Verified intelligence without false positives produces actionable intelligence that security professionals can rely on to protect their brands from cybercrime.

#2: Threat intelligence is actionable. Threat data is noisy.

Modern threat intelligence gives you enough information for you to take swift and immediate action to stop a threat. Threat intelligence allows you to bring together your network and people with the solution. Rather than “educate” machines with threat data, threat intelligence relies on the analysis and action of your human capital in order to drive success.

Threat data, on the other hand, has a high signal-to-noise ratio. The majority of data found on traditional lists is meaningless and it requires a large effort to sift through high volumes of data to find something meaningful.

#3: Threat intelligence is reliable. Threat data is full of false positives.

Threat intelligence provides a clear picture of what is really going on because it has been filtered to remove information that is not directly relevant to protecting the brand. True threat intelligence has been analyzed, vetted and tested – binaries clicked, URLs followed, threats detonated in sandbox environments. Traditional threat data contains many false positives, false URLs, dead URLs, dead IP addresses.

If an organization is working with old school threat data, then they’re just importing white lists, gray lists, or black lists. They’re going to be chasing ghosts for a good bit of their career, trying to find out what’s there and what’s not.

Threat data has bad habit of constantly crying wolf.  After a while, you stop believing the kid crying wolf.  Then, you stop worrying if there’s a wolf there.  If you have actionable intelligence, however, you know where the wolf is every time.