Gartner Research

How to Collect, Refine, Utilize and Create Threat Intelligence

Published: 03 October 2016

ID: G00303822

Analyst(s): Anton Chuvakin , Augusto Barros


Threat intelligence has emerged as a key component of security architecture that helps technical professionals detect, triage and investigate threats and make their security architecture more resilient. This assessment compares types of threat intelligence data and outlines common usage patterns.

Table Of Contents


  • What Is Threat Intelligence?
  • Types of Threat Intelligence
    • Difference in TI Usage by Type
    • Sources of Threat Intelligence
  • Value of Threat Intelligence
    • Is Threat Intelligence for You?
  • Requirements for Threat Intelligence
  • Selecting Threat Intelligence Sources
    • Selecting Tactical Threat Intelligence Data Feeds
    • Selecting Strategic Threat Intelligence
  • Threat Intelligence Use Cases
    • Key Use Cases for TI
  • Develop Threat Intelligence Life Cycle
    • Using Threat Intelligence
    • Making Better Threat Intelligence — TI Fusion
    • Creating Your Own TI
  • Infuse Essential Security Processes With Threat Intelligence
    • Key Threat Intelligence Management Processes
    • Key Security Processes That Use Threat Intelligence
  • Define and Build Your Organization Intelligence Capabilities
    • How to Start Your TI Capabilities
    • Personnel Involved in Threat Intelligence
    • Threat Intelligence Platforms
  • Threat Intelligence Capability Maturity
    • Growing TI Maturity
    • Measure TI Value for Your Organization
  • Strengths
  • Weaknesses


The Details

  • Challenges With Defining Threat Intelligence
  • Sources of TI Data
    • Standards and Protocols Related to Threat Intelligence
  • Threat Intelligence Providers: An Overview

Gartner Recommended Reading

©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.