// THREAT DETECTION AND DATA PRIVACY TERM
Intelligence Cycle
The intelligence cycle is the process of converting raw information into actionable intelligence for decision-makers. It's a structured sequence of steps that includes planning what to find, collecting the information, processing it, analyzing it, and finally, distributing it to the right people.
TECHNICAL DEFINITION
The Intelligence Cycle is a foundational model in intelligence agencies and military organizations for transforming raw information into finished, actionable intelligence. This process includes the phases of Planning and Direction, Collection (e.g., HUMINT, SIGINT, OSINT), Processing and Exploitation, Analysis and Production, and Dissemination and Integration, guiding operations from initial requirements to final intelligence product delivery to policymakers.
BACKGROUND
Cyber threat intelligence (CTI) is a part of cybersecurity that focuses on collecting, analyzing, and sharing information about potential or existing cyber threats. It gives organizations the information needed to predict, prevent, and respond to cyberattacks, enabling them to understand attackers’ behavior, tactics, and the vulnerabilities they exploit.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- intelligence process
- the cycle
- information cycle
- intelligence workflow
- PCPAD
- intelligence loop
USAGE NOTE
While often depicted as a simple loop, in practice, the phases of the intelligence cycle frequently overlap and interact dynamically.
DEVELOPERS
Organizations developing technology related to Intelligence Cycle.
Develops data integration and analysis software platforms, such as Gotham and Foundry, used by government intelligence agencies and defense organizations to manage the entire intelligence cycle, from data collection and processing to analysis and dissemination.
Provides a security intelligence platform that automates the collection and analysis of a massive volume of data from open, technical, and dark web sources. The platform is designed to provide context and support proactive decision-making throughout the intelligence cycle.
Offers threat intelligence and incident response services powered by the Mandiant Advantage platform. This platform helps organizations manage threat intelligence, validate security controls, and automate responses, supporting the analysis, production, and dissemination phases of the cycle.
A major defense contractor that develops technology for national security and law enforcement to collect, process, and analyze vast amounts of data. Their solutions are used to generate actionable intelligence for complex investigations and missions.
Provides the Falcon platform, which includes the Falcon Intelligence product. It automates threat intelligence by collecting endpoint data, analyzing malware and adversaries, and disseminating finished intelligence reports and indicators of compromise to security teams.
Develops the Cortex XSOAR platform, a security orchestration, automation, and response (SOAR) tool. It operationalizes threat intelligence by automating the collection, enrichment, and analysis of data and executing response playbooks, streamlining the intelligence cycle.
Provides a Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platform. It serves as a core technology for security operations centers to collect, process, and analyze security data, enabling the analysis and dissemination stages of the intelligence cycle.
Specializes in threat intelligence platforms (TIPs) with its ThreatStream product. The platform aggregates intelligence from numerous sources, helps analysts correlate it with internal security data, and disseminates relevant threats to security controls, managing the intelligence lifecycle.