August 19, 2016
Joe Franscella

Understanding The Relevance of Threat Feeds

<p>Threat feeds, reports about suspicious web traffic, are not the entire security plan but they are an integral part of it. It is through the intelligence that you can detect, identify and respond to cyber-attacks. In a survey, <a href="" target="_blank">63% of users report improved visibility</a> of attack methods. Ideally suspicious activity will tip you off to a potential attack before it takes root; however successful attacks have value in informing future defenses.</p><p>The average hacked system is compromised for months before detection. This is unacceptable when threat feeds can produce timely warnings. Threat intelligence platforms have the capability to synch up with your firewall or SIEM applications. Searching traffic for signs of trouble, generally termed <a href="" target="_blank"><em>Indicators of Compromise</em></a>, intelligence platforms are capable of notifying you soon after a known hacker visits you. In cases of unidentified hackers, their methods follow distinct patterns which can also be identified. Even if you can only afford basic reports, you can discover if you’ve been targeted by a known hacker when your traffic is compared against known IoCs within a day.</p><p>Threat feeds contain cyber-threat intelligence that don’t just identify malicious traffic but present it in context. Traffic logs contain clues to identifying your specific enemies. With many malware applications having been commercialized for direct use or hired-out hackers, you must look closely to determine their origin. Investigate a malware attack and based on its level of sophistication, you can tell if it was specifically directed at you or a random instance. This will make a big difference on how you must respond.</p><p>Discovering the origin of malicious traffic can inform your overall understanding of challenges presented to your business in the “real world.” An examination of events can reveal in-house threats i.e. <a href="{page_3217}">careless employees or spies</a>. Discovering specifics of when, how, and from where unauthorized traffic originated is very telling.</p><p>Threat feeds indicate the hackers’ targets. What are they after, and why? If someone takes the time to break into your email server, you can reasonably assume there is something of use there. Regardless of the actual spaces the hackers visit, you can only prioritize the protection of specific elements in your network if you are aware they are desirable entities. There are <a href="">countless ways to exploit</a> the various elements of a server, web domain, or network. The general motivations are money, secrets, or social incentives like political, ethical, or egotistical gratification.</p><p>Threat feeds are useful for both defensive and reactive measures. They contain actionable intelligence, meaning the event can be directly correlated to the prescribed response. Some applications are so user-friendly that information explaining the threat and suggestions are furnished alongside the alert. On a larger scale, threat intelligence is a national security issue. State sponsored hacking is such a great problem that the government is looking for ways to leverage the nations’ collective intelligence.</p><p>Threat feeds are what separate a platform that understands your threats in context from plug and play malware detection platforms. There are so many examples of ways gathering intelligence from your traffic logs can present the realities of online threats. You have got to see for yourself to truly understand the value of threat feeds.</p><p>What are some best practices for information sharing? Standards for the exchange of information? Answers to those questions and more can be found in this complimentary download.</p><p> <span class="hs-cta-wrapper" id="hs-cta-wrapper-bf271459-62f1-402a-848f-8053e3969477"> <span class="hs-cta-node hs-cta-bf271459-62f1-402a-848f-8053e3969477" id="hs-cta-bf271459-62f1-402a-848f-8053e3969477" data-hs-drop="true" style="visibility: visible; display: block; text-align: center;"><a id="cta_button_458120_18fe26c8-b204-4974-b043-7029208f22e1" class="cta_button " href="" target="_blank" style="margin: 20px auto;" cta_dest_link="{page_3453}" title="Download Here"> Download Here </a> </span> <script charset="utf-8" src=""></script> <script type="text/javascript">hbspt.cta.load(458120, 'bf271459-62f1-402a-848f-8053e3969477', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.