August 22, 2016 - Joe Franscella

Who Uses Open Source Threat Intelligence Feeds?

<p>Anyone charged with protecting data about others should take threats very seriously. Setting up online security enabled with cyber-threat intelligence is an important component of a responsibly managed network.</p>
<p>Certain industries experience more frequent targeted attacks than others. Financial hacks and leaks of healthcare and retail consumer data often make the biggest headlines. Adoption of threat intelligence varies among businesses <a href="http://www.darkreading.com/analytics/why-many-organizations-still-dont-use-threat-intelligence-portals/d/d-id/1322399" target="_blank">due to a number of logistical obstacles</a>. Still, just because large-scale directed attacks are more prevalent in some industries doesn’t mean that other industries are not targeted or equally harmed by hackers.</p>
<p>The US government is leading a charge to collect as much threat data as possible to protect military and scientific developments as well as improve general domestic security. Many public sector organizations are required to participate in sharing indicators of compromise and other threat data. Privately held enterprises are encouraged to participate voluntarily.</p>
<p>All parties contributing to open source threat intelligence feeds must follow guidelines for anonymizing the information. The platform must allow you to scrub away identifiers about the victim, leaving behind only clues to identify and respond to hackers. Users will find the tools within open source threat intelligence feeds helpful for complying with any future mandates.</p>
<p>The pandemic of malware-infected workstations in all sorts of homes and small businesses creates a widespread problem. Signs of a threat extend well beyond the detection of malware. Large corporations have ample funds to invest in firewalls and SIEM as well as to staff teams of security experts. What about small and medium businesses with the same vulnerabilities but not the same resources? 
Open source threat intelligence feeds are created using <a href="https://github.com/Pwnlandia/mhn" target="_blank">source code that is free to download</a>.</p>
<p>There is an investment for configuration and ongoing management of the system. Nonetheless, the longer you work at monitoring your network, the more powerful a tool it becomes. Use a platform which compares your log against profiles of known threat actors, and even find <a href="{page_253}">supplementary feeds in your niche</a> or location.</p>
<p>Within these respective organizations there are a couple of roles which can be shared, individually tasked to a main person, or assigned to a service rep. There may not be a fully dedicated cyber security expert or even a general tech person, but even in the smallest businesses there are first responders. A recent survey shows <a href="https://www.sans.org/reading-room/whitepapers/analyst/cyberthreat-intelligence-how-35767" target="_blank">14% of businesses have one person</a> monitoring cyber-threats.</p>
<p>Larger companies have security, IT, and IT Security teams, all of which need to work together. "Silos" of information must be resolved for open source threat intelligence feeds to meet their full potential. IT specialists are familiar with user behavior, as the purveyors of useful tech. The security team requires input about the network's assets to sufficiently protect them.</p>
<p>Advances are being made in finding evidence of breaches, and of the suspicious events leading up to them, right in your web traffic. Open source threat intelligence feeds present you with a report of all manner of suspicious traffic. They are useful for anyone who needs breach alerts and the means to investigate them. 
Don't miss out on the greatest tool you can wield against enemies – information.</p>
