Threat intelligence (TI) generates information on known threats that is used in rules to initiate countermeasures.
Threat Defender integrates a continuously active TI subsystem that provides a bundle of TI feeds from multiple sources. They contain various types of data, such as information on downloads of ransomware, C&C server domains and so on.
Threat Defender compares all network traffic flows to these feeds in real time. If an indicator is discovered, the policy engine can be used to log the event and/or block the concerned traffic.