June 8, 2016
Joe Franscella

How Vulnerable Are You Without Open Source Threat Intelligence?

<p>Vulnerability, in terms of cyber-security, is a weakness or point of entry usable to attackers. It is a flaw of configuration, breach of security protocol, or another means by which an agent can access a system. Taking a proactive approach to network security is important to protect your data and your reputation. One must understand the possible dangers lurking outside to be safe from them.</p><p>Currently, the most state of the art way to monitor and understand threats is hosting a honeypot and studying how hackers interact with it. Open source applications like the Modern Honeypot Network fosters a network of decoy entities which are used to study invasive behavior. Learning about your enemies through a honeypot is useful for <a href="https://www.anomali.com/blog/shockpot-exploitation-analysis">collecting threat data</a>; leveraging this knowledge cooperatively with others makes for infinitely more usable valuable intelligence. Without the benefit of threat intelligence, an attack will take you completely by surprise.</p><p>There are different reasons attackers may work at breaching your network and their intrusions can come in different forms. Tools for attacking many users for relatively small gains are often deployed through automated systems. These broadly used tactics are quickly identified by developers like those <a href="https://www.anomali.com/blog/deploying-managing-and-leveraging-honeypots-in-the-enterprise-using-open-so">using open source threat intelligence tools</a> such as the Modern Honeypot Network.</p><p>Attackers may use viruses as a tool however they also manually probe the <a href="https://ics-cert.us-cert.gov/content/overview-cyber-vulnerabilities" target="_blank">network for points of entry</a>. When you use a honeypot created with the benefit of shared data and the newest tactics, the more suspicious activity can be identified. Without threat intelligence, you will be ignorant of early warning signs. A honeypot built using open source software will detect anomalies or problematic activity in the usage logs. Unusual timing, unauthorized account access, or the mysterious creation or deletion of assets are all signs of intrusion. A malware detector will not capture unusual behavior such as multiple unsuccessful login attempts or after-hours changes to admin accounts.</p><p>By understanding your vulnerabilities and the assets of value to criminals, you can better protect yourself in case of a successful attack. One major advantage of using open source threat intelligence over simple alerts from a turnkey software security package is the ability to take the long view, apply human reasoning, and understand the attack within the larger context. Prevent attacks altogether by quickly responding to the intelligence gathered via data breach detection.</p><p>Open source threat intelligence gathers <a href="http://www.sans.org/reading-room/whitepapers/analyst/cyberthreat-intelligence-how-35767" target="_blank">information about suspicious traffic</a> to your network. Combined with data collected from other systems, specific users and scripts can be identified. Once known, developers can work to create a patch against the malware or include necessary changes in a software update. Without the benefit of the open source threat intelligence, you are creating your security plan in an intellectual vacuum.</p><p>Download our free white paper that describes the Anomali Match model which focuses on prioritization and relevance for both security operations and threat analysts.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-522663a1-2e23-4655-9c36-592b876fdb70"><span class="hs-cta-node hs-cta-522663a1-2e23-4655-9c36-592b876fdb70" data-hs-drop="true" id="hs-cta-522663a1-2e23-4655-9c36-592b876fdb70" style="visibility: visible; display: block; text-align: center;"><a class="cta_button" cta_dest_link="{page_3455}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=ae87b536-87f5-4cf1-85e5-1cf25faf63c6&amp;placement_guid=522663a1-2e23-4655-9c36-592b876fdb70&amp;portal_id=458120&amp;redirect_url=APefjpH5znnhvBNM_7QnTZAesuF-Ilix8bBCbiueac8DsxJG77NJ-bXg0PTa7edYa2DKmXJmB6X2KsbRal7DfQXA-6kIwDr8OJIK5pOK0cvfMN0KeyPpZu-9WH3N-rFDRM9nkB8cZsQM84C9UQCRx6nD5h-LKhzEoMv7_VOah7-GkJDsUuDom4KGqO0iBxJ4Z7DMu73qJmbSB7boDSbIOpw4623lPNTc_xW61vZiLLBad50MUfV5_aOeLkMRx5x__NYAg_JmYrzj7P8afvHzDfX0HrygqJ9hk0B4sonDhUrWP2EgdItSv78RvQzJwzvFxeN_X7Je59KQ-Ftkiv_io3GAKdU7Hzvij1ADicvVLhL1WpZ2c_MT9Vg&amp;hsutk=2767d93d6471d657e0c9f660e4b58ef8&amp;utm_referrer=https%3A%2F%2Fblog.anomali.com%2Fhow-vulnerable-are-you-without-open-source-threat-intelligence&amp;canon=https%3A%2F%2Fblog.anomali.com%2Fhow-vulnerable-are-you-without-open-source-threat-intelligence&amp;pageId=4197614018&amp;__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478831861868.1478887113345.180&amp;__hssc=41179005.3.1478887113345&amp;__hsfp=1335165674" id="cta_button_458120_ae87b536-87f5-4cf1-85e5-1cf25faf63c6" style="margin: 20px auto;" target="_blank" title="Free Download Here">Free Download Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, '522663a1-2e23-4655-9c36-592b876fdb70', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.