What is a threat feed? (and what it’s not)

Molly Moser Posted On October 20, 2023

The cyberthreat ecosystem is ever-evolving as attack volumes grow and tactics become more and more creative. For cybersecurity teams, knowledge and situational awareness are power, and staying apprised of the latest threats by tapping into emerging intelligence is crucial to combating threat actors.

But where does this threat intelligence come from? How is it leveraged? And what are its limits?

Defining threat feeds

Threat feeds are one of the sources from which organizations derive their cyberthreat intelligence. They provide continuously updated threat data, including indicators of compromise (IOCs) such as suspicious IP addresses and domain names, as well as the tactics, techniques and procedures (TTPs) used by threat actors. Often, organizations leverage multiple threat feeds, both free and paid, to gather as much intelligence as possible with the goal of identifying and responding to threats more accurately and quickly, thus reducing risk exposure.

There are many benefits to leveraging threat feeds. For example, well-curated, timely threat intelligence from a trusted source can save security teams valuable time and allow them to better allocate their resources. Automating data collection and notification enables teams to detect, prevent and respond to threats sooner, more efficiently and accurately. This allows companies to reduce costs, scale their defenses and free up resources to focus on threats that require more complex analysis.

Threat feed limitations

Although a threat feed can be a valuable cybersecurity tool, providing a window into a complex and rapidly changing landscape, it is not a security solution in and of itself. Think of it this way: if you buy a threat feed, then you’re buying actionable data… but you still need to act on that data. So really, you’re buying yourself more work.

What’s more, not all threat feeds are created equal, and some can exhaust your resources with false positives. Intelligence must be reviewed and prioritized before it’s acted on, as acting on inaccurate or out-of-date information could have costly consequences, such as wasted time and resources. Or, even worse, it could cause security incidents—resulting in data exfiltration, loss of intellectual property and impacts to critical systems and data availability.
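The review-and-prioritize step described above can be sketched in code. This is an added example, not part of the original article or any Lumen product: the field names (`confidence`, `last_seen`), the thresholds, the allowlist and the sample entries are all assumptions constructed for illustration, and the addresses come from documentation ranges.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample entries from two hypothetical feeds (not real indicators).
NOW = datetime(2023, 10, 20, 12, 0, tzinfo=timezone.utc)
FEED_ENTRIES = [
    {"feed": "feed-a", "ioc": "203.0.113.10", "confidence": 95, "last_seen": "2023-10-20T11:50:00+00:00"},
    {"feed": "feed-b", "ioc": "203.0.113.10", "confidence": 60, "last_seen": "2023-10-19T08:00:00+00:00"},
    {"feed": "feed-a", "ioc": "198.51.100.7", "confidence": 90, "last_seen": "2023-08-01T00:00:00+00:00"},
    {"feed": "feed-b", "ioc": "192.0.2.53", "confidence": 99, "last_seen": "2023-10-20T09:00:00+00:00"},
    {"feed": "feed-b", "ioc": "198.51.100.99", "confidence": 40, "last_seen": "2023-10-20T10:00:00+00:00"},
]
ALLOWLIST = [ip_network("192.0.2.0/24")]  # assumed: ranges the organization itself depends on
MAX_AGE = timedelta(days=7)               # assumed: older sightings count as out of date
BLOCK_THRESHOLD = 80                      # assumed: minimum confidence for automatic blocking


def triage(entries, now=NOW):
    """Return {ioc: (decision, reason)} with decision 'block', 'review' or 'drop'."""
    fresh, decisions = {}, {}
    for e in entries:
        if now - datetime.fromisoformat(e["last_seen"]) > MAX_AGE:
            # Out-of-date sighting: never contributes to a block decision.
            decisions.setdefault(e["ioc"], ("drop", "stale"))
            continue
        # Merge duplicates across feeds, keeping the highest fresh confidence.
        fresh[e["ioc"]] = max(fresh.get(e["ioc"], 0), e["confidence"])
    for ioc, conf in fresh.items():
        if any(ip_address(ioc) in net for net in ALLOWLIST):
            # A feed flagging our own infrastructure is a likely false positive.
            decisions[ioc] = ("review", "allowlisted")
        elif conf >= BLOCK_THRESHOLD:
            decisions[ioc] = ("block", "high confidence")
        else:
            decisions[ioc] = ("review", "low confidence")
    return decisions


def block_list(entries, now=NOW):
    """Only the indicators that are safe to push to an enforcement point."""
    return sorted(i for i, (d, _) in triage(entries, now).items() if d == "block")


if __name__ == "__main__":
    for ioc, (decision, reason) in sorted(triage(FEED_ENTRIES).items()):
        print(f"{ioc:15} {decision:7} {reason}")
```

Of the five constructed entries, only one indicator reaches the block list; the rest are dropped as stale or queued for an analyst, which is the extra work the paragraph above refers to.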

Feeding a comprehensive security solution

The key to effectively leveraging a threat feed is to integrate it into a comprehensive security solution with proactive blocking. For example, solutions like Secure Access Service Edge (SASE) unify your network and security management while embedding high-fidelity threat intelligence, automatic detection and proactive response within the service. This takes some of the work off your plate by automatically blocking threats based on high-confidence data.

Through Lumen’s expansive and deeply peered global network, we have extensive visibility into the global threat landscape, and can thus see and stop more threats at scale based on intelligence from our threat-research team, Black Lotus Labs. Black Lotus Labs feeds its high-confidence data directly into Rapid Threat Defense—the auto-blocking capability for Lumen Security Solutions—every 15 minutes, so organizations are protected in real time from threats that other organizations may not be able to detect.

Learn how your organization could benefit from the high-fidelity threat intelligence integrated into Lumen Security Solutions. Explore SASE and DDoS Mitigation services.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue.


Author

Molly Moser

Molly Moser is a Senior Lead Marketing Manager for the Lumen Security portfolio where she works directly with product management, sales and product development. Molly joined Lumen in 2021, and her background spans marketing, technical writing and science journalism.
