September 16, 2016 - Joe Franscella

Threat Intelligence Feeds Can Help in Unexpected Ways

<p>Now that threat intelligence feeds are more available than ever, it’s time to revisit the possibilities for protecting data at organizations of every size. Using <a href="https://www.anomali.com/blog/getting-started-with-open-source-cyber-threat-intelligence">open source threat intelligence</a> does more than aggregate your firewall and SIEM data. It will alert you to the other kinds of conditions that precede a cyber-security incident.</p>
<p>Ransomware attacks can seemingly come out of nowhere. One moment you’re all working, and the next thing you know the screen is demanding payment amidst jarring graphics. Malware attacks like ransomware don’t just happen all of a sudden. To take over your network and its data, hackers must first get inside. If you can discover a hacker before the encryption has taken place, there is still time to respond.</p>
<p>Your cyber-threat intelligence platform works best when customized to expect threats relevant to your industry. You can trade information with partners to enhance your platform’s basis of comparison. In this process of gathering information about online threats, you may identify new players in the real world. Corporate and government <a href="http://www.bloomberg.com/news/photo-essays/2011-09-20/famous-cases-of-corporate-espionage" target="_blank">espionage is not just the stuff of movies</a>; campaigns to steal, sabotage, or destroy data can come from anywhere. Identifying parties who are sending phishing messages or locating the source of account credential hacks can reveal enemies who had previously gone unidentified.</p>
<p>Staff retention is a major component of management. Hiring and training employees comes with an inherent cost in labor and lost productivity. Employees take your training with them when they leave to work for the competition or themselves. Hopefully the experience is all they take, although employee data leaks are occurring at a high rate. Losing proprietary info means lost income at the least; at worst it can result in a scandal that shakes consumer confidence forever. Signs of discontent can be detected digitally. Ideally, you can turn an insider situation around before the employee is recruited to be a mole or takes it upon themselves to find the goodies and walk. If not, you may have an opportunity to revoke access to important files before it’s too late.</p>
<p>Threat intelligence feeds can help detect insider threats. Hapless mistakes result in catastrophic hacking crises. This could mean everything for companies at risk of experiencing advanced persistent threats. <a href="http://www.infosecurity-magazine.com/news/91-of-apt-attacks-start-with-a-spear-phishing/" target="_blank">91% of hackers creating APTs used a spear phishing campaign</a> to get an initial foothold. Phishing relies on successful social engineering. Data about email vulnerabilities is of use to both IT security and risk management. Why not discover the weak links before they become an HR issue, too?</p>
<p>Some hacks occur as a result of exploitable login credentials. The attacker’s job becomes easier when employees use company email addresses to sign up for social media, forums, fantasy sports, etc. If you configure your threat intelligence feed to notify you of accounts created with company email addresses, you can discover careless broadcasting of that particular vulnerability.</p>
<p>Honeypots can feed valuable data into your threat intelligence feeds, which can yield interesting intelligence. All honeypots capture the source of traffic and any exploit tools used. Giving hackers options of which fake elements to pry into will reveal their motives. Realistic and varied deception traps can capture the activity of unwelcome visitors and provide them an environment in which to exhibit “tells”. Is the hacker after email correspondence, salary data, or data pertaining only to one person? 
Seeing the specifics gives you so much more useful context.</p>
<p>The overall theme is that there’s no reason your IT security configuration cannot be creative. Convincing honeypots and <a href="https://www.anomali.com/blog/whats-in-a-threat-feed">well-configured threat analysis tools</a> will make for better threat intelligence feeds. Every network is different and hackers certainly aren’t following any rules.</p>
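<p>The company-email notification described above, sketched as an added example that is not part of the original post or any vendor's product. The feed format (JSON lines), its field names, and the watched domains are assumptions made for illustration; the sample records are constructed.</p>

```python
import json
from collections import defaultdict

# Assumption: corporate mail domains to watch (placeholder values).
COMPANY_DOMAINS = {"example.com", "corp.example.com"}

# Constructed sample feed records (JSON lines); field names are hypothetical.
SAMPLE_FEED = """\
{"email": "J.Doe@Example.com", "site": "fantasy-sports.test", "seen": "2016-09-01"}
{"email": "j.doe+forum@example.com", "site": "hobby-forum.test", "seen": "2016-09-03"}
{"email": "alice@mail.corp.example.com", "site": "social.test", "seen": "2016-09-04"}
{"email": "bob@example.com.evil.test", "site": "forum.test", "seen": "2016-09-05"}
{"email": "carol@notexample.com", "site": "forum.test", "seen": "2016-09-05"}
not-json garbage line
{"email": "no-at-sign", "site": "forum.test", "seen": "2016-09-06"}
"""

def normalize(email):
    """Return (mailbox, domain) lower-cased with any +tag stripped, or None if malformed."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return None
    return local.split("+", 1)[0], domain.rstrip(".")

def is_company(domain):
    """Match a watched domain exactly or as a parent on a label boundary,
    so look-alikes such as notexample.com or example.com.evil.test do not match."""
    return any(domain == d or domain.endswith("." + d) for d in COMPANY_DOMAINS)

def company_exposures(feed_text):
    """Group third-party sites by the company mailbox used to register there."""
    hits = defaultdict(set)
    for line in feed_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed feed lines rather than abort the run
        if not isinstance(rec, dict):
            continue
        parsed = normalize(str(rec.get("email", "")))
        if parsed and is_company(parsed[1]):
            hits["@".join(parsed)].add(rec.get("site", "unknown"))
    return {addr: sorted(sites) for addr, sites in hits.items()}

if __name__ == "__main__":
    for addr, sites in sorted(company_exposures(SAMPLE_FEED).items()):
        print(f"{addr}: {len(sites)} external site(s): {', '.join(sites)}")
```

<p>Folding plus-addressed variants into one mailbox shows how many outside services a single employee address is tied to, which is the signal worth alerting on.</p>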
