Skip to main content

F3EAD Framework to Cyber Threat Intelligence | Optiv

August 15, 2013

In today's cyberthreat landscape, intelligence can alert you to new and emerging global threats that may affect your network operations. Intelligence can help you identify actors who may be targeting your organization or its executives and provide insights to help you prepare or take action.

The Global Threat Intelligence Center (gTIC) at FishNet Security uses a version fo the F3EAD framework, designed by the U.S. Military's Special Operations Forces, to gather information from a variety of internal and external sources, analyze it for usefulness and disseminate it as actionable intelligence.

“F3EAD, pronounced “F-three-e-a-d” or “feed,” is a version of the targeting methodology utilized by the special operations forces responsible for some of the most widely publicized missions in support of overseas contingency operations.” – Lieutenant General Michael Flynn, U.S. Army

F3EAD Model

F3EAD Model

Find - Identifying the question to be answered and researching applicable malware, threat actors and other events as detected by our Secure365: Managed Security Services team.

Fix - Collecting information from an all-source, fusion process for comprehensive, pertinent data analysis. Our gTIC is able to look at raw data from internal research projects, consulting engagements, client environments and external feeds.

Finish - Processing, examining and deploying analysis results to determine additional information needed.

Exploit - Collecting initial analysis results and information from the Finish phase. This step may result in the beginning of a new information gathering cycle.

Analyze - Creating actionable intelligence from the information, data and results of the previous phases.

Disseminate - Communicating intelligence across multiple channels. Our gTIC distributes information through one-on-one support, a weekly newsletter and a client web portal (currently in beta testing).

Related Blogs

June 20, 2017

Cyber Threat Intelligence – Putting out Fires or Firefighting?

When it comes to fighting malware, combating nation-state threats, and securing digital assets, the information security industry has much to learn fr...

See Details

December 13, 2017

Cyber Threat Intelligence Requires Commitment

It’s been said that in a breakfast of bacon and eggs, the chicken is involved but the pig is committed. This saying is relevant when implementing a cy...

See Details

January 19, 2017

Tactics, Techniques and Procedures (TTPs) Within Cyber Threat Intelligence

TTPs is a great acronym that many are starting to hear about within cyber security teams but few know and understand how to use it properly within a c...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

April 19, 2018

Cyber Threat Intelligence as-a-Service

Learn how Optiv’s Cyber Threat Intelligence as-a-Service solution provides you with an advanced "beyond the perimeter" capability as a part of your cy...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.