IronSights

Detection & response

Threat intelligence

Evidence-based knowledge about existing or emerging cyber threats, including attacker tactics, techniques, procedures, indicators of compromise, and contextual information used to inform defensive decisions.

Also known ascyber threat intelligenceCTIthreat feeds

In plain English

Threat intelligence is information about who is attacking, how they operate, and what to look for. It feeds into security tools (like Microsoft Defender) as known malicious IP addresses, domains, and file hashes — allowing defences to block known threats automatically while security teams focus on novel attacks.

Full definition

Raw security data is noise. Thousands of log entries, IP addresses, and file hashes tell you something happened, but not what it means or whether you should care. Threat intelligence turns that noise into something actionable: context about who is attacking, what techniques they are using, and which industries or regions they are targeting right now.

In practice, threat intelligence feeds into detection rules and decisions. If a known group is actively targeting Australian professional services firms using a specific lure to deliver a particular variant, that information lets a security team configure detection for that variant before it arrives. It also informs how an incident is investigated: knowing a threat actor's typical behaviour helps analysts look in the right places and move faster.

For most Australian SMEs, threat intelligence does not mean running your own research program. It means your security provider draws on feeds from sources like the and commercial threat platforms, then applies that context to your specific environment. IronSights incorporates threat intelligence into our Fortify monitoring service so detections are tuned to actual threat activity targeting Australian businesses, not generic global baselines.

Keep learning

More terms in the IronSights Glossary.