Toutes nos fiches > Cyber threat intelligence
Published on 08/11/2025
Cyber threat intelligence, in plain English
DEFINITION

Cyber Threat Intelligence (CTI) refers to all the processes, tools and data used to collect, analyse and share information on cyber threats.

WHO? WHO? WHY?

The aim is to answer these questions in order to anticipate
malicious actions and strengthen the defence of systems
information.

  • Identifying threat actors
  • Recognising attack techniques
  • Anticipating exploited vulnerabilities and malicious campaigns
  • Strengthening prevention, detection and response measures
  • Strategic and operational decision-making support in cybersecurity
THE CHARACTERISTICS OF CYBER THREAT INTELLIGENCEEXPLANATIONS
Types of informationTactics: Information on techniques, tactics and procedures (TTP)
Operational : Details of specific current or past events.
Strategic : High-level analysis of threats, their motivations and
objectives | Technical details : Raw data and indicators that can be used directly
with tools
Sources of CTIOSINT | Commercial sources : Threat Intelligence providers | Community sharing : ISACs, open-source projects, exchanges between CERTs | Internal sources : logs, past incidents, malware or network analyses
CTI tools and platformsMITRE ATT&CK : database of TTPs used by attackers | MISP : threat intelligence sharing platform | STIX/TAXII : standard formats for exchanging information Monitoring tools : VirusTotal, Shodan, ThreatConnect...
ANALYSIS
Giuliano Ippoliti, Director of Cybersecurity at Cloud Temple

"To compete with the great powers
particularly the United States and
China, the EU Member States
European countries have every interest in pooling
their skills in
cybersecurity and to strengthen their cooperation.
This text is part of this dynamic by
including the strengthening of
prerogatives of ENISA, the promotion of
large-scale certification schemes
and consolidating synergies
between Member States.

THE CTI LIFE CYCLE
  • Planning: what needs, what threats?
  • Information gathering (tools, monitoring, sources)
  • Processing the data collected
  • Analysis process: correlation, sorting, contextualisation
  • Distribution: sharing with the right people or tools
  • Feedback: assessing relevance and continuous improvement

To be relevant, threat intelligence must be contextualised, shared and used effectively within the organisation. Similarly, data manipulation must not involve confidential or personal data.

Practical information
Previous page
Receive the latest cloud news
Subscribe to our newsletter
Cookie policy

We use cookies to give you the best possible experience on our site, but we do not collect any personal data.

Audience measurement services, which are necessary for the operation and improvement of our site, do not allow you to be identified personally. However, you have the option of objecting to their use.

For more information, see our privacy policy.

Authorise Refuse