Part 1: Our CTI introduction
Erik Van Dijk
Product Manager Orange Cyberdefense
“Hey Erik, does Orange Cyberdefense actually do Cyber Threat Intelligence? I had no idea!”
Yes - we absolutely do.
But before diving into what we do, we want to take a step back and talk about why we do it. Because without understanding the foundations, the rest doesn’t stick.
In this blog series, we’ll walk you through how we view Threat Intelligence at Orange Cyberdefense. Step by step, we’ll move from the why to the how - and finally to the what.
Our goal? To show you exactly why Threat Intelligence from Orange Cyberdefense matters.
Cyber Threat Intelligence - sounds fancy, right?
But ask ten people what it means, and you’ll get answers that range from “super technical hacker stuff” to “some dashboard I never open.”
The truth? CTI can be complex (or we make it complex) - definitions fly from A to Z, from Paris to Tokyo. But at its core, it’s about one thing: making smarter decisions in the face of digital threats to decrease uncertainty.
In this blog series, we’ll cut through the noise. We’ll explore the Why and the What of Cyber Threat Intelligence - and break it down into something real, useful, and maybe even a little exciting.
By the end, you’ll know what CTI can do for you and why you might want it in your corner.
Let’s dive in.
Cyber Threat Intelligence in its Core
What is Cyber Threat Intelligence, Really?
CTI is often discussed in buzzwords or buried within slides filled with indicators and feeds. But let’s simplify it:
At its core, CTI is about helping the right people make better decisions when facing cyber threats.
It’s not magic. It’s not endless streams of data. It’s relevant, timely, and actionable insights - precisely what you need to stay ahead.
The Foundation: Planning & Direction
CTI isn’t about collecting “everything.” It begins with a fundamental question:
What do we need to know to stay safe, secure, and prepared?
This is where Priority Intelligence Requirements (PIRs) come into play. PIRs define what matters most - guiding your focus and aligning your efforts with your business or mission objectives.
Think of PIRs as your CTI compass. Without them, you risk drowning in noise.
Here are two quick examples:
- Good PIR:
Are stolen usernames and passwords from our organization being sold or shared on the dark web? - Bad PIR:
What are the cyber threats out there and what’s happening globally?
We’ll delve deeper into PIRs in a future post - stay tuned!
Delivering Value: Timely, Relevant and Actionable
Effective CTI hits the sweet spot:
Timely – delivered before it’s too late to act.
Relevant – tailored to your environment, assets, and risks.
Actionable – leads to decisions or a responses.
If it doesn’t help someone decide, act, or prepare, it’s basically not intelligence.
CTI is a Process, Not a Product
CTI is more than threat feeds and IOCs. It’s an ongoing cycle designed to reduce uncertainty:
Planning & Direction — set your PIRs
Collection — gather the right data
Processing — cleanand organize the data
Analysis — find the meaning
Dissemination — get it to the right people
Feedback — adjust based on what works
This cycle keeps your intelligence efforts focused and adaptive.
Who benefits from CTI?
Cyber Threat Intelligence isn’t just for security teams or CISOs. When well-directed, it empowers everyone - from security professionals to executive decision-makers - with the insights needed to stay ahead of evolving threats.
In the next post, we’ll explore the important topic of having an Information Position - and why being first, knowing more, or knowing earlier can mean the difference between control and chaos.