Abstract: Cyber Defense requires dynamic intelligence, rapid response and coordination mechanism under persistent confrontation. Aiming at those requirements, threat twin technology is proposed which combines with parallel intelligence theory. Threat cognition modeling framework is the basic of threat twin model. Identity mapping completion technology is used to complete information of threats; The twin technology of threat behavior explores multiple parallel digital spaces. Threat twin technology dynamically couples the C2 flow and intelligence flow, reshaping a new cyber defense C2 parallel mode to support quantitative analysis of solutions, real-time risk assessment, and system defense under persistent confrontation, and realize the parallel intelligence of cyber defense.