© 2021 Elsevier B.V.Defending networks is becoming more challenging due to the growing number and variety of cyber threats. On the other hand, network security professionals have new technologies and tools at their disposal. This paper focuses on a few of these technologies and investigates new ways to take advantage of them. To this end, we present Citadel, a novel security system utilizing cyber threat intelligence (CTI) to construct automated defense solutions in software-defined networking (SDN) environments. Citadel also incorporates network function virtualization (NFV) and service function chaining (SFC) to achieve flexible, cost-efficient, and proactive network defense. We examine CTI data to extract common attacker models and design security services as virtual network functions chained together using SFC to counter these threats. The modular and extensible nature of Citadel makes it suitable for incremental deployment in networks. Besides, we propose a new CTI data model to use as an extension of the existing CTI models for better compatibility with automated network defense. Extensive evaluations demonstrate that our proposals are applicable and effectively facilitate the management of agile defense in SDN/NFV-enabled networks.