Threat Intelligence Starter Resources

Creating a threat intelligence capability can be a challenging undertaking, and not all companies are ready for it. Businesses that run successful threat intelligence teams generally:

•    Collect externally available data on threats and correlate it with internal events.
•    Be aware of threats driving proactive security controls.
•    Establish proactive internal hunting for unidentified threats.
•    Invest in employee and customer threat education.
•    Expand security industry peer relationships.
•    Apply methods for collecting and analysing external threat data.

If your company is just starting out with threat intelligence and doesn’t have the time or resources to dedicate an entire department to the task, there are some easy ways to begin integrating threat intelligence into your daily routine without breaking the bank.

The following resources can help build awareness of the threat landscape and prepare your company for defense.

Google Alerts

One of the simplest ways to stay informed of potential threats is setting up Google Alerts. These can be especially useful to monitor attacks or vulnerabilities in your industry. To get the most from Google Alerts, be sure to follow Google search best practices like keeping phrases as short as possible, using quotes, leveraging domain extensions, and avoiding synonyms.

Threat Feeds

If you want to become more proactive in collecting data there are a number of open source threat feeds you can use to stay informed of suspicious IP addresses and domains as a starting point for threat research. For example, abuse.ch provides many feeds, including a ZeuS block list and ransomware tracker, and dan.me contains a full Tor node list that updates every 30 minutes.

Threat Blogs

Being well read is an important habit in life, and doubly so if you’re tasked with defending your company from cyber threats. Here’s a list of some informative blogs that range from general threat intelligence to incident response to geopolitical attacks:

•    CyberWire: Relevant briefings on critical cyber news happening across the globe.
•    Cyber Security Intelligence: Cyber News, Analyse, Directors, Management Reports and a Cyber Database.
•    OODAloop: Articles and analysis on cyber and geopolitical threats.
•    CTOvision: Context for the CTO, CIO, CISO, and data scientist.
•    FireEye: Insights on today’s advanced threats.
•    CERIAS: Articles from strategic thinkers like Gene Spafford and Sam Liles.
•    Dell SecureWorks: Articles focused on incident response and information security.
•    Palo Alto Networks: Articles and research around cyber-crime and vulnerabilities.
•    DomainTools: Content focused on domain data and internet trends.
•    ProtectedBusiness: Tips and techniques for defending your business.
•    Recorded Future: Original threat research and best practices for using threat intelligence.

Threat Reports

While blog posts can keep you informed on daily threat intelligence, sometimes it is necessary to look at an entire quarter or year to get a full view of the threat landscape.

The following cyber threat reports can help you get a grasp on lessons learned and best practices going forward:

•    Checkpoint Security Report: Yearly insights into cyber threats, including malware and botnets.
•    NTT Global Threat Intelligence Report: Analysis of global attack data.
•    Versign iDefense Cyber Threats and Trends: Overview of key cyber security trends.
•    Cisco Midyear Security Report: Threat intelligence and trend analysis report.
•    Symantec Intelligence Report: Annual and monthly intelligence reports.
•    Verizon Data Breach Investigations Report: Incident data from 67 global contributors.
•    Ponemon Institute Cost of Breach Study: Annual report on economics of breach and recovery.
•    CyberEdge Cyber Threat Report: Summary of security threats, response plans, and processes.

Threat Tools

While staying aware of the threat landscape is critical to any company’s threat intelligence strategy, there are some tools that can supplement the data without breaking the bank:

•    Maltego: Data-mining tool renders directed graphs for link analysis and finds relationships between pieces of information from various sources online.
•    Shodan: Search engine allows you to find out which of your devices are directly connected to the internet, where they are located, and if they are being used maliciously.
•    TweetDeck: Social media dashboard (free) that many use to increase their audience on Twitter, can also help companies track multiple twitter handles and add additional security.

For more information and suggestions on commercial cyber security contact Cyber Security Intelligence Ltd

Recored Future:

You Might Also Read:

Turn Threat Data Into Threat Intelligence:

Artificial Intelligence Gives Business Wings:

 

 

« Germany May Go Offensive After Russian Cyber Attacks
Bank Data Breaches Are Up And It's An Inside Job »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

Nohau

Nohau

Nohau provide services for safe and secure embedded software development.

Cienaga Systems

Cienaga Systems

Cienaga Systems is a leader in autonomous cyber threat hunting technology.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

Information Systems Security Partners (ISSP)

Information Systems Security Partners (ISSP)

ISSP is a specialized system integrator focused on the information security needs of its corporate clients and providing best in class products and services for securing organizational information.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

PBOSecure

PBOSecure

PBOSecure is a dynamic and progressive IT consultancy company specializing in IT and Industrial Control System (ICS) security.

RangeForce

RangeForce

RangeForce delivers the only integrated cybersecurity simulation and skills analysis platform that combines a virtual cyber range with hand-on training.

Tecnalia Research & Innovation

Tecnalia Research & Innovation

Tecnalia is the largest center of applied research and technological development in Spain, a benchmark in Europe and a member of the Basque Research and Technology Alliance.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

Cyber Security Partners (CSP)

Cyber Security Partners (CSP)

Cyber Security Partners specialise in the provision of Cyber Security Consultancy, Data Protection and Certification and Compliance services.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center is a state-of-the-art facility to deliver advanced cyber training programs and build the next generation of Azerbaijan’s cybersecurity professionals.