Introduction to Threat Intelligence Feeds
Cyber threat intelligence feeds provide actionable information on adversaries. This information is of great importance to cyber defense, and that importance has driven investment in, and the creation of, new and innovative sources of information on threat actors. This creates challenges of its own. How do you know which source to check, and why that source? How do you know which sources to consider at an even higher level? Many sources of information are encountered in community activities. We have made a list of these sources, and links are provided to the sites for more information.
Top Cyber Threat Intelligence Feeds
This list of links will speed up research, as these sites are the best providers of cyber threat intelligence. The cyber threat intelligence feeds are:
- Alien Vault.com: Covers adversaries seen across multiple sources, including large honeynets.
- Cyveilance.com: Unique feeds on threat actors where there are indications of criminal intent.
- Emerging Threats.net: Consists of a variety of feeds.
- Fire Eye.com: Offers DTI, a dynamic threat intelligence service.
- Hack Surfer.com: Provides valuable insights tailored to business requirements. It is also called Surf Watch.
- Internet Identity.com: Threat feeds from its big data solution, Active Trust.
- Recorded Future.com: Real-time threat intelligence from the web.
- Secure Works.com: Provides feeds and also instruments networks.
- Symantec.com: Provides valuable, deep-insight feeds on a variety of topics, including reputation.
- Spy Tales.com: Everything we need to know about the spies, their past, present, and future.
- Team Cymru.com: Bogon lists and threat intelligence.
- The Cyber Threat: A high-level Twitter feed that is nonetheless understandable and curated.
- Things Cyber.com: Critical lessons from cyber conflict and cybersecurity that are relevant to our defense today.
- Threat Connect.com: Focuses on information sharing; by Cyber Squared.
- Threat Grid.com: Unified malware analysis; now a part of Cisco.
- Threat Intelligence Review.com: Updated reviews of threat intelligence sources.
- Threat Stop.com: Blocks botnets based on internet provider reputation.
- Threat Stream.com: Multiple sources on an interoperable platform, from a well-known team.
- Threat Track.com: An array of malicious internet providers, URLs, and phishing- or malware-related data.
- Verisigninc.com: Feeds from iDefense, which is highly recommended by some important institutions.
Threat intelligence feeds are continuous streams of threat data, such as IOCs. They are meant to be supplied to technologies such as a SIEM. The feeds are derived from the threats and attacks happening all over the world. Cyber attacks can be prevented by implementing these feeds with technical controls. They are actionable information.
Organizational Requirements for its Feeds
Before obtaining threat intelligence feeds, the organization should understand what it requires of them. It must carry out a self-assessment based on the following:
- The network infrastructure.
- The current security posture.
- The capacity to manage TI once the feeds are received.
- Whether the information is of value for building a long-term knowledge foundation.
Feeds should be captured and implemented once the vision is set and the goals are clear. The principle on which threat intelligence works is: use incidents at other organizations to learn, and to improve your own awareness of the threat and your response to it.
Types of Threat Intelligence Sources
There are different sources from which threat intelligence feeds can be obtained. Each of these sources has its own advantages and disadvantages. Feeds from different sources must be combined to achieve maximum results.
Threat intelligence feeds are classified into two categories:
- Publicly available feeds: threat intelligence feeds available on the internet for free.
- Private threat intelligence feeds: threat intelligence feeds that need to be purchased from security vendors.
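One way to combine feeds from several sources before they reach a SIEM, as an added example that is not part of the original article: indicators are normalized, bogon addresses are dropped, and each indicator keeps the list of feeds that reported it. The feed names, sample values and the short bogon subset are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Small illustrative subset of a bogon list (assumption, not a complete list).
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
           "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample feeds; public addresses are documentation ranges.
FEEDS = {
    "open_source_feed": ["198.51.100.7", "203.0.113.9", "10.0.0.5", "evil.example", "# comment"],
    "vendor_feed": ["198.51.100.7 ", "EVIL.example.", "192.0.2.44", "127.0.0.1"],
    "internal_sensor": ["198.51.100.7", "192.0.2.44", "not an indicator"],
}

def normalize(raw):
    """Return ("ip"|"domain", value), or None for comments, junk and bogons."""
    value = raw.strip().lower().rstrip(".")
    if not value or value.startswith("#"):
        return None
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        # Accept only plain hostnames: dotted labels of letters, digits, hyphens.
        labels = value.split(".")
        ok = len(labels) > 1 and all(l and l.replace("-", "").isalnum() for l in labels)
        return ("domain", value) if ok else None
    if ip.version == 4 and any(ip in net for net in BOGONS):
        return None  # blocking or alerting on these would hit internal hosts
    return ("ip", str(ip))

def merge_feeds(feeds):
    """Map each normalized indicator to the sorted list of feeds reporting it."""
    seen = defaultdict(set)
    for source, lines in feeds.items():
        for raw in lines:
            ioc = normalize(raw)
            if ioc:
                seen[ioc].add(source)
    return {ioc: sorted(srcs) for ioc, srcs in seen.items()}

def corroborated(merged, min_sources=2):
    """Indicators reported by at least min_sources independent feeds."""
    return sorted(ioc for ioc, srcs in merged.items() if len(srcs) >= min_sources)
```

Calling `corroborated(merge_feeds(FEEDS))` returns only the indicators seen in two or more feeds, which is a simple way to rank entries before they drive blocking rules.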
The sources of publicly available feeds are:
- Open-source feeds.
- Social listening.
- Additional monitoring of Pastebin.
- TAXII, which stands for trusted automated exchange of indicator information.
- Internal sensors.
As the name suggests, all of these feeds are publicly available for free. There are many websites, like Zeus Tracker, VirusTotal, etc. Private feeds are threat intelligence feeds that are used privately for security operations. The feeds that vendors provide for payment are called commercial feeds. Country-specific and military-specific cyber attack information can be found in government intelligence feeds. Government intelligence feeds also show cyber attacks happening at a geographical level.
Everyone from bug bounty hunters to penetration testers uses an important concept called open-source intelligence (OSINT). Gathering information through social media such as Twitter, LinkedIn, Facebook, etc. is called social listening. Real-time threat intelligence feeds can be shared using Twitter, and Twitter profiles can be followed to get the latest information on feeds.
Pastebin is a text repository where information technology professionals such as developers and coders can copy, paste and store data. Data marked as private cannot be accessed by everyone, while other data is available to all. Pastebin is a great source of threat intelligence. The Application Programming Interface of Pastebin is known as PasteHunter. PasteHunter dumps the data contained in Pastebin so that it can be analyzed and filtered down to the data that is actually required.
TAXII, which stands for trusted automated exchange of indicator information, is the medium for the exchange of TI. Organizations share their threat intelligence data and services among themselves on this centralized platform. Only a one-time investment is required to set up the TAXII infrastructure and automate the related procedures. After the setup is done, multiple organizations can share and benefit from it.
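What consuming indicators received over TAXII can look like, as an added example that is not part of the original article: it assumes a TAXII 2.1 server whose response envelope carries STIX 2.1 indicator objects (neither version is named on this page), and it keeps only indicators that are not revoked and are inside their validity window. The envelope, with shortened object ids, is constructed.

```python
import json
import re
from datetime import datetime, timezone

# Constructed TAXII 2.1 envelope carrying STIX 2.1 objects (ids shortened).
ENVELOPE = json.dumps({"more": False, "objects": [
    {"type": "indicator", "id": "indicator--a", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "valid_from": "2024-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--b", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'evil.example']",
     "valid_from": "2023-01-01T00:00:00Z", "valid_until": "2023-06-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--c", "pattern_type": "stix",
     "pattern": "[url:value = 'http://evil.example/a']", "revoked": True,
     "valid_from": "2024-01-01T00:00:00Z"},
    {"type": "malware", "id": "malware--d", "name": "constructed"},
]})

# Matches only single-comparison patterns such as [ipv4-addr:value = '...'].
SIMPLE = re.compile(r"^\[([a-z0-9-]+):value\s*=\s*'([^']+)'\]$")

def parse_ts(text):
    """Parse a STIX timestamp (UTC, trailing 'Z') into an aware datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def active_indicators(envelope_json, now):
    """Return (object_type, value) pairs for indicators usable at time `now`."""
    out = []
    for obj in json.loads(envelope_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue  # other STIX objects are context, not match rules
        if obj.get("revoked"):
            continue  # the producer has withdrawn this indicator
        if parse_ts(obj["valid_from"]) > now:
            continue  # not yet valid
        until = obj.get("valid_until")
        if until and parse_ts(until) <= now:
            continue  # expired; stale indicators cause false positives
        match = SIMPLE.match(obj["pattern"])
        if match:  # compound patterns need a full STIX pattern parser
            out.append((match.group(1), match.group(2)))
    return out
```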
Threat intelligence feeds are an important investment in an organization's security posture because of the benefits they provide:
- Threat intelligence gives information on adversaries in advance, thereby providing strong protection.
- Cyber-attacks can be identified and stopped by using threat intelligence feeds.
- Threat intelligence feeds prepare the organization for cyber-attacks, including how to manage the damage and recover from it.
This is a guide to Threat Intelligence Feeds. Here we discuss the introduction and top cyber threat intelligence feeds, along with the types of threat intelligence sources.