Threat Intelligence on Cisco Secure Network Analytics is similar to Security Intelligence on Cisco Firepower Threat Defense, while on FTD the informations of Malicious IPs URLs and DNS downloaded from Cisco Talos are used for instant blacklisting.

The Cisco Secure Network Analytics downloads only a list of malicious IP addresses like the CnC servers and uses these informations to monitor and alarm administrators and IT Analysts about inside hosts that are trying to connect to these malicious IPs.

Monitoring traffic toward these malicious IP addresses provides a second layer of security if you are deploying Cisco FTD with Security Intelligence enabled. This approach helps the admin or IT analyst to monitor if the Cisco FTD protects your inside hosts from internet threats and detects any violation.