Understanding Threat Intelligence: Types, Importance, and Application in E‑commerce Security

Just as wars are decided by many factors, modern cyber conflicts rely heavily on threat intelligence to gain the initiative, making it the "enemy’s secret" that can turn the tide of an attack.

What is Threat Intelligence – Gartner defines it as evidence‑based information about existing or emerging threats, including context, mechanisms, indicators, impact, and actionable recommendations that help organizations make informed security decisions.

The value of threat intelligence lies in uncovering potential threats and providing strategic and tactical decision‑making support, encompassing sources such as vulnerability databases, IP reputation feeds, and device fingerprint repositories.

Classifying Threat Intelligence – At the first "Threat Intelligence Ecosystem Conference," JD.com’s security director Hong Jing‑feng categorized intelligence for e‑commerce into three types: strategic, tactical, and operational.

Strategic Intelligence focuses on high‑impact risks such as major zero‑day vulnerabilities, large‑scale targeted attacks, and severe data breaches, offering early warnings to strengthen defense posture.

Tactical Intelligence includes more mature, widely shared data like malware, intrusion attempts, credential stuffing, and fraudulent buying activities, useful for daily monitoring and blocking.

Operational Intelligence supplements tactical data with detailed analyses of incidents encountered during routine operations, enabling deep mining of black‑market tools, resources, and actor profiles to support attribution and offline takedowns.

Recent high‑profile incidents (e.g., 2018 Facebook data leak, hotel industry breaches, and the Wannacry attack on TSMC) demonstrate that adversaries are increasingly organized, automated, and intelligent, making proactive intelligence essential.

How Threat Intelligence Is Used – JD.com integrates intelligence throughout the entire attack chain against fraudulent scalpers, from crawling product information to automated ordering, AI‑driven captcha solving, and resale, using intelligence to intercept and neutralize threats at each stage.

Beyond traditional anti‑scraping techniques, JD.com leverages intelligence to monitor black‑market activities, predict attacker behavior, harden critical assets, and run automated response drills, combining supervised and unsupervised learning to reduce false positives while maintaining user experience.

Regular analysis of accumulated intelligence refines threat actor profiles, supports law‑enforcement collaboration, and improves long‑term defensive capabilities.

Challenges of Threat Intelligence – Strategic intelligence must be timely and comprehensive; tactical intelligence requires scenario‑specific accuracy across industries; and sharing intelligence is hindered by confidentiality, privacy regulations, and sector‑specific constraints, all of which need further research and standardization.