What is cyber threat intelligence?

Cyber threat intelligence (CTI) is the collection, analysis, and dissemination of information about current and potential cyber threats. It helps organizations understand who is targeting them, how, and why — enabling proactive defense rather than reactive response. Liberty91 automates the entire CTI lifecycle using AI.

How does Liberty91 automate threat intelligence?

Liberty91 uses AI agents to continuously monitor hundreds of cybersecurity sources in real-time. Our AI collects, analyzes, and reports on every cyber event relevant to your organization based on your threat profile, sector, geography, and technology stack. The platform delivers actionable reports, IOCs, detection rules (Sigma), and STIX bundles automatically.

What is the difference between threat intelligence and threat hunting?

Threat intelligence is about understanding the threat landscape — who the adversaries are, what tools they use, and what they target. Threat hunting is the proactive search for threats already inside your network. Liberty91 focuses on threat intelligence: collecting and analyzing external threat data so your team can prioritize hunting and defense efforts effectively.

Does Liberty91 integrate with SIEM and SOAR platforms?

Yes. Liberty91 integrates with SIEM, SOAR, TIP, and ticketing systems. It outputs intelligence in industry-standard formats including STIX bundles and Sigma detection rules, and connects through email, Slack, Microsoft Teams, and thousands of other platforms.

How is Liberty91 different from Recorded Future or Feedly?

Unlike enterprise-priced platforms like Recorded Future ($100K–$300K+/year), Liberty91 is affordable and accessible to organizations of all sizes. Unlike Feedly, which focuses on collection, Liberty91 provides end-to-end automation: collection, analysis, reporting, IOC extraction, and detection rule generation — all tailored to your specific threat profile.

Guide2024-12-2010 min read

How to Create a Threat Profile.

A threat profile is the foundation of any effective threat intelligence programme. Without one, you are doing security without direction — reacting to everything and prioritising nothing.

What is a Threat Profile?

A threat profile is a structured description of who might target your organisation, how, and why. It defines the threat actors, tactics, techniques, and procedures (TTPs) most relevant to your specific context — and allows you to focus your security resources where they matter most.

Step 1: Define Your Organisation

Start with the basics. What sector do you operate in? What regions? What is your technology stack? Understanding your own profile is the first step to understanding who might target you.

Sector and sub-sector — Financial services, critical infrastructure, healthcare, government, technology
Geography — Where you operate, where your customers are, where your supply chain extends
Technology stack — What software, platforms, and infrastructure you rely on

Step 2: Map Your Attack Surface

Your attack surface is everything that a threat actor could target. This includes your external-facing infrastructure, your employees, your supply chain, and your digital footprint.

Most organisations significantly underestimate their attack surface. Supply chain dependencies alone can double your exposure overnight.

Step 3: Identify Relevant Threat Actors

Based on your sector, geography, and attack surface, identify the threat actors most likely to target your organisation. These might include:

State-sponsored groups targeting your sector or region
Financially motivated actors using ransomware, business email compromise, or data theft
Hacktivists targeting organisations for political or ideological reasons
Insider threats — disgruntled employees or compromised accounts

Step 4: Map TTPs to Your Defences

For each relevant threat actor, understand their preferred techniques using the MITRE ATT&CK framework. Then assess your current detection and response capabilities against those techniques. The gaps are your priorities.

Step 5: Define Your Crown Jewels

What data, systems, or capabilities would cause the most damage if compromised? These are your crown jewels — and they should receive the highest level of monitoring and protection.

Keeping Your Profile Current

A threat profile is not a one-time exercise. It must evolve as your organisation changes, as the threat landscape shifts, and as new vulnerabilities emerge.

Liberty91 automates this process. Our AI agents continuously update your threat profile based on your attack surface, supply chain, and the latest threat intelligence — ensuring your defences are always aligned with the threats that matter most.