TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization.
A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform.
Integration between these teams and sharing of threat data is often a manual process that relies on email, spreadsheets, or a portal ticketing system.
[2] Threat intelligence platforms[3] are made up of several primary feature areas[4] that allow organizations to implement an intelligence-driven security approach.
These stages are supported by automated workflows that streamline the threat detection, management, analysis, and defensive process and track it through to completion: Threat intelligence platforms can be deployed as a software or appliance (physical or virtual) on-premises or in dedicated or public clouds for enhanced community collaboration.