A Threat Intelligence Platform (TIP) is a technology solution that collects, aggregates and organizes threat intelligence data from multiple sources and formats. A TIP provides security teams with information on known malware and other threats, powering efficient and accurate threat identification, investigation and response. It enables threat analysts to spend their time analyzing data and investigating potential security threats rather than collecting and managing data. Moreover, a TIP allows security and threat intelligence teams to easily share threat intelligence data with other stakeholders and security systems. A TIP can be deployed either as software-as-a-service (SaaS) or as an on-premises solution.

Cyber threat intelligence comes in the following three basic categories:

  • Strategic: offers high-level analysis for less technical audiences. It may include information about business impacts and how the threat fits into broader trends in the threat landscape. Most strategic threat intelligence comes from open sources, such as local and national media, or white papers and reports.
  • Tactical: focuses on indicators of compromise (IoCs) to enable immediate threat identification and elimination. Often considered the most basic form of threat intelligence, tactical threat intelligence is more easily generated and often automated.
  • Operational: comes from examining the details of past known attacks. By understanding the details of “who?”, “what?”, and “how?”, security teams gain insight into the motives and sophistication of threat actors.
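
The aggregation step described in the opening paragraph, applied to tactical IoCs, can be sketched as follows. This is an added example, not code from any particular TIP product: it normalizes indicators from two differently formatted feeds and merges duplicates while keeping source attribution. The feed layouts, field names, function names and sample indicators are assumptions constructed for illustration.

```python
import csv, io, ipaddress, json, re

# Constructed sample feeds using documentation-only values (not real indicators).
CSV_FEED = """indicator,seen
Evil.Example[.]com,2024-01-05
2001:DB8::1,2024-01-03
"""
JSON_FEED = json.dumps([
    {"value": "evil.example.com", "date": "2024-01-09"},
    {"value": "2001:db8:0:0:0:0:0:1", "date": "2024-01-01"},
    {"value": "hxxp://Evil.Example.com/login", "date": "2024-01-09"},
])

def normalize(raw):
    """Return (type, canonical value) so equivalent spellings compare equal."""
    v = raw.strip().replace("[.]", ".")           # undo common defanging
    v = re.sub(r"^hxxp", "http", v, flags=re.I)
    try:
        return "ip", str(ipaddress.ip_address(v))  # canonical IPv4/IPv6 text form
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]{64}", v):
        return "sha256", v.lower()
    if re.match(r"https?://", v, flags=re.I):
        scheme, rest = v.split("://", 1)
        host, _, path = rest.partition("/")
        return "url", f"{scheme.lower()}://{host.lower()}/{path}"
    return "domain", v.lower().rstrip(".")

def read_csv(text):
    return [(r["indicator"], r["seen"]) for r in csv.DictReader(io.StringIO(text))]

def read_json(text):
    return [(r["value"], r["date"]) for r in json.loads(text)]

def aggregate(feeds):
    """Merge (source, records) pairs into one entry per canonical indicator."""
    store = {}
    for source, records in feeds:
        for raw, seen in records:
            entry = store.setdefault(normalize(raw), {
                "sources": set(), "first_seen": seen, "last_seen": seen})
            entry["sources"].add(source)
            # ISO 8601 dates sort correctly as plain strings.
            entry["first_seen"] = min(entry["first_seen"], seen)
            entry["last_seen"] = max(entry["last_seen"], seen)
    return store

FEEDS = [("csv_feed", read_csv(CSV_FEED)), ("json_feed", read_json(JSON_FEED))]

if __name__ == "__main__":
    for (kind, value), e in sorted(aggregate(FEEDS).items()):
        print(kind, value, sorted(e["sources"]), e["first_seen"], e["last_seen"])
```

Five raw records collapse to three indicators, and an indicator reported by both feeds carries both source names, which is the kind of corroboration an analyst looks for when prioritizing.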
