Of course, to understand which problems threat intelligence can solve, you first need to understand what intelligence is potentially available. During the webinar, both Dave and Chris spent some time covering the most common sources.
1. Open Source Feeds
There are hundreds of these available, covering every aspect of security you can possibly imagine. Implement a basic threat intelligence platform (TIP), and you have everything you need to start digesting truly unmanageable numbers of alerts.
2. In-House Threat Intelligence
Often referred to as “security analytics,” in-house intelligence is produced by incident response teams, security operations center (SOC) personnel, and security analysts. Past attack forensics are a common example.
3. Vertical Communities
Certain industries and verticals have access to intelligence-sharing communities, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC). These communities can be extremely valuable, but are often gated, meaning even organizations processing a high volume of transactions may be denied access if they don’t possess the “right” brand name.
4. Commercial Services
Offered by dozens of security vendors, often referred to as providers, commercial threat intelligence services vary wildly in quality and scope. At their best, they offer vital insights into one or more areas of intelligence with far fewer false positives than their open source alternatives. At their worst, they’re expensive and fail to deliver truly actionable intelligence.
5. Dark Web Intelligence
Try to forget about your preconceptions. Functionally, the dark web definitely isn’t “everything not indexed by Google.” From the perspective of cybersecurity, the dark web is around 500–600 underground forums, which can only be accessed using specialized browsers.
The most recent darling of the threat intelligence world, the dark web offers organizations the chance to identify stolen assets, explore threat actor targeting, analyze exploit kits, and much more. Unfortunately, given the need to understand multiple languages (including relevant slang) and the potential for drawing the attention of dangerous parties, gathering these gems in-house can be more trouble than it’s worth.
Many of the more secretive (and thus valuable) communities are extremely difficult to join, requiring existing members to vouch for new applicants, and even demanding joining fees running to thousands of dollars.
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on the website and on social media platforms.