Threat intelligence is curated information about an existing or emerging cyberthreat that can be distributed for the purpose of improving defenses against a specific attack. Going beyond IP addresses, hashes, and other core threat identifiers, threat intelligence provides critical context around a threat activity, including indicators of compromise (IoC), indicators of attack (IoA), the tactics employed, and, potentially, the motivation and identity of the adversary.

Through leadership within the threat intelligence sharing community and by developing technologies that more easily share and use threat intelligence, we help customers better identify and stop attacks.

Cyber Threat Alliance

Leading cybersecurity solution providers, including McAfee, have come together to share threat intelligence on advanced attacks, their motivations, and the tactics of the malicious actors behind them.

Learn More

Resources

two-men-in-discussion Blog

Cyber Threat Alliance
computer-codes Solution Brief

Operationalizing Threat Intelligence

Our Technologies

McAfee Global Threat Intelligence

McAfee Global Threat Intelligence is a cloud-based threat intelligence service, leveraged by all McAfee products, that helps protect against known and emerging cyberthreats.

Learn More

McAfee Threat Intelligence Exchange

McAfee Threat Intelligence Exchange optimizes threat prevention by narrowing the gap from malware encounter to containment from days, weeks, and months down to milliseconds.

Learn More

Data Exchange Layer (DXL)

DXL unites disparate security solutions, across multiple vendors, with an open communication platform that enables security products to share threat information.

Learn More

Threat intelligence sharing standards & government initiatives

Standards

TAXII™, the Trusted Automated eXchange of Indicator Information

A set of services and message exchanges, enabling automated and secure sharing of cyberthreat information.

TAXII

STIX™, the Structured Threat Information eXpression

A structured exchange format used to convey specific cyberthreat information.

STIX

CybOX™, the Cyber Observable eXpression

A language for encoding “cyber observables,” providing a standardized representation of facts in the cyberdomain.

CybOX

Government Initiatives

U.S. Cybersecurity Information Sharing Act of 2015 (S.754)

A U.S. federal government law that allows for the sharing of threat intelligence information.

U.S. Cybersecurity Information Sharing Act

U.S. Executive Order 13691—Commission on Enhancing National Cybersecurity

A U.S. presidential executive order forming a commission chartered to make recommendations to strengthen cybersecurity.

U.S. Executive Order

Information Sharing and Analysis Organization (ISAO) Standards Organization

Chartered to identify a common set of voluntary standards or guidelines for the creation and functioning of ISAOs, leading to more consistent sharing alliances.

ISAO

US-CERT—Automated Indicator Sharing (AIS) Tool

Enables the exchange of cyberthreat indicators between the U.S. federal government and the private sector at machine speed.

AIS Tool