Skip to main content

Applying the Military's F3EAD Framework to Cyber Threat Intelligence

August 15, 2013

In today's cyberthreat landscape, intelligence can alert you to new and emerging global threats that may affect your network operations. Intelligence can help you identify actors who may be targeting your organization or its executives and provide insights to help you prepare or take action.

The Global Threat Intelligence Center (gTIC) at FishNet Security uses a version fo the F3EAD framework, designed by the U.S. Military's Special Operations Forces, to gather information from a variety of internal and external sources, analyze it for usefulness and disseminate it as actionable intelligence.

“F3EAD, pronounced “F-three-e-a-d” or “feed,” is a version of the targeting methodology utilized by the special operations forces responsible for some of the most widely publicized missions in support of overseas contingency operations.” – Lieutenant General Michael Flynn, U.S. Army

F3EAD Model

F3EAD Model


- Identifying the question to be answered and researching applicable malware, threat actors and other events as detected by our Secure365: Managed Security Services team.


- Collecting information from an all-source, fusion process for comprehensive, pertinent data analysis. Our gTIC is able to look at raw data from internal research projects, consulting engagements, client environments and external feeds.


- Processing, examining and deploying analysis results to determine additional information needed.


- Collecting initial analysis results and information from the Finish phase. This step may result in the beginning of a new information gathering cycle.


- Creating actionable intelligence from the information, data and results of the previous phases.


- Communicating intelligence across multiple channels. Our gTIC distributes information through one-on-one support, a weekly newsletter and a client web portal (currently in beta testing).

Related Blogs

June 20, 2017

Cyber Threat Intelligence – Putting out Fires or Firefighting?

When it comes to fighting malware, combating nation-state threats, and securing digital assets, the information security industry has much to learn fr...

See Details

December 13, 2017

Cyber Threat Intelligence Requires Commitment

It’s been said that in a breakfast of bacon and eggs, the chicken is involved but the pig is committed. This saying is relevant when implementing a cy...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 29, 2016

2016 Cyber Threat Intelligence

Learn how Optiv’s cyber threat intelligence solution helps clients improve their threat response approach.

See Details

July 29, 2016

Cyber Threat Intelligence Consulting Services

Remove the confusion surrounding the implementation of threat intel with a blueprint for logical progression in planning, building and running your cy...

See Details

July 29, 2016

Cyber Threat Intelligence Program Workshop

Learn how our experts bring together key stakeholders to design an actionable roadmap for your cyber threat intelligence program buildout.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.