August 10, 2016
-
Joe Franscella

Getting Started With Open Source Cyber Threat Intelligence

<p>More and more enterprises are taking steps to protect their networks from threats by using systems which include open source threat intelligence. As of last year, <a href="https://www.sans.org/reading-room/whitepapers/analyst/cyberthreat-intelligence-how-35767" target="_blank">76% of businesses reported using threat intelligence</a> collected from the intelligence community. Open source codes are made free to download and are designed to be tweaked to your specific needs. It has fostered an environment for sharing strategies as well as specific indicators of compromise which identify known hackers and their tactics.</p><p>Before you commit to software purchases, identify risks and assets to protect. Taking stock of all of the potentially exploitable assets on your network including email servers, file folders, web assets, etc. is an important step. Only after assessing all that you have to protect, you can find the right tools for doing so. Doing this work will help you prepare a case for managerial support. Presenting the need for an open source threat intelligence platform can be its own challenge in some organizations. By demonstrating the need for and value of threat intelligence, you can make your case and have funding approved.</p><p>Choose the specific software applications wisely. The system will function to keep overall traffic logs including activity in honeypots. There are some options for the location of these entities. Your honeypot can be installed on a local server, or a virtual machine. Not all programs are created equally, so compare their features before committing. The right platform will integrate with your existing firewall and SIEM, if not already bundled in. The most innovative companies will give you newer features sooner.</p><p>There are some basic requirements for installing open source threat intelligence. You will need a specialist to configure the platform, and personnel to manage it. <a href="https://wwwlegacy.anomali.com/files/eng/TS_Splunk_User_Guide_April_2016.pdf" target="_blank">Installation for Windows, Linux, or iOS</a> is a little different, but the outcome is the same. Your system must meet some basic requirements:</p><ul><li>256MB Ram</li><li>200MB Disk Space</li><li>1 Core</li><li>Internet access</li></ul><p>Install the platform with the help of an expert who can configure your alerts, firewalls, and honeypots properly. Convincing traps are enticing but not obviously so. Placing honeypots within and outside of your firewall is recommended. Where to place them within your network depends on your particular needs. Exceptions should be accommodated by the settings so that false positives are reduced as much as possible.</p><p>Plan for breach alert scenarios; who will respond to them, and how? Whether the staff is in-house or contracted through a vendor usually depends on the size of your company. Make sure you go with a source that will give you the amount of customer support you might need. If you don’t use the services, you can always scale back.</p><p>Businesses within the same industry share the same vulnerabilities, challenges, and in many cases have the same enemies. Whether you’re in finance, retail, healthcare, government or an SME, there is a lot you can do to <a href="{page_253}">cooperate with your contemporaries</a>, even your direct competition. Contribute your IOCs back to the open source threat intelligence platform and benefit from others’ experiences. Intelligence sharing tools were built with real businesses in mind, so they allow you to withhold or anonymize the logs containing details about the threat. In fact, <a href="https://corpgov.law.harvard.edu/2016/03/03/federal-guidance-on-the-cybersecurity-information-sharing-act-of-2015/" target="_blank">removing identifiers is required by law</a>, per the CISA Act of 2015.</p><p>Sophisticated tools are now accessible to all size of enterprises thanks to affordable open source threat intelligence projects like the Modern Honey Net. For more info about using threat intelligence, check out our complimentary download.</p><p><em> <span class="hs-cta-wrapper" id="hs-cta-wrapper-f68f0b2e-fb62-48eb-acd6-8b2ad6455083"> <span class="hs-cta-node hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" data-hs-drop="true" id="hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" style="visibility: visible; display: block; text-align: center;"><a class="cta_button " cta_dest_link="{page_3451}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=0a81b108-0c35-466f-8ccb-36ff661bc040&placement_guid=f68f0b2e-fb62-48eb-acd6-8b2ad6455083&portal_id=458120&redirect_url=APefjpHpRiTztMA8uyIWPjPYmR3HAALSInqLv4LYHibo-vrAsX0-5ul50w8j4i-u_izT_cbGA4lQm7mQtYhPPkydp6Phj4m_8Thdr3ENfbKo6Z4MQ3M378_9RGVJV5qnsoxoYLv3ZyowACm9Oez4ywpclFO5s-PnqcnyCif6bvqq-05yrGmukbLUVF7imuPQJmwT8o3gJ2T1PMxvl2UIdP2BLJQHAE0oG1oirkltDo2BT0ZUbuZ1_wwFoTr5aGSz9dPxrNQKuC7ZP6ndZyguvLgyQH5E-R_jhDpLkTy5aGfqNdGWXg2nXQn4ii22eggiTgR2MJMlFsNvQuNb2SwROQHqmLN8Htcb4A&hsutk=2767d93d6471d657e0c9f660e4b58ef8&utm_referrer=https%3A%2F%2Fblog.anomali.com%2Fgetting-started-with-open-source-cyber-threat-intelligence&canon=https%3A%2F%2Fblog.anomali.com%2Fgetting-started-with-open-source-cyber-threat-intelligence&pageId=4301834586&__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478822660171.1478831861868.179&__hssc=41179005.50.1478831861868&__hsfp=1335165674" id="cta_button_458120_0a81b108-0c35-466f-8ccb-36ff661bc040" style="margin: 20px auto;" target="_blank" title="View It Here"> View It Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, 'f68f0b2e-fb62-48eb-acd6-8b2ad6455083', {});</script> </span> </em></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.