Threat Intelligence
Cyber threat intelligence about threats and actors in cyberspace
Every and all organizations today face similar challenges when it comes to their IT security, since those challenges come in many shapes and using many different vectors. In this modern day and age we need intelligence and cyber threat intelligence is all about gathering information about threat and threat actors to help mitigate events in cyberspace.
Having a current cyber threat intelligence provides a plethora of benefits, but the most important is that it provides a broad view of what is happening and helps develop a more substantial and active cybersecurity posture. Other benefits of having cyber threat intelligence is having an imporved detection of threats and therefore a better overview and more informed decision making following an intrusion.
Today’s threats constantly increase in both numbers and scale, as attackers ever more sophisticated find new ways to break through conventional security and safeguards. As threats like organized crime, hacktivists, and nation states keep on the growing, their methods get extremely targeted. They use social media and other entry points to track down people with access, take advantage of trust, and exploit them as vulnerabilities.
Even worse, security measures of the past can fail to protect against these new classes of attacks.
As we can see from this cost of breach report from IBM, the average total cost of a data breach is now 3.86 million, with an average size of more than 25,000 records in each data breach. One of the main things that cause a breach to cost so much to an organization is the time to identify and contain a breach, which had an average of 280 days within 2019.
Threat Intelligence Platforms
Given the importance of having relevant and updated cyber threat intelligence, we need a platform. A threat intelligence platform is repository where multiply sources converge and threat data can be analyzed easily for real-time support and on-time decision making.
According to Dark Reading, threat intelligence platforms are made up of a several primary feature areas that allow organizations to implement an intelligent driven security approach. These stages are supported by automated workflows that streamlined the threat detection management analysis and defensive process and track it through to completion.
Most threat intelligence platforms that we will show next have a free and a subscription option and its up to
each organization to review the level of access and detail needed for their specific needs.
The Platforms
Recorded Future
Some of the features of that platform include centralizing and contextualizing all sources of threat data.
You can add your proprietary data and beads whether its data from industry bodies, security vendors, internal risks list, or independent research to the largest publicly available collection of data.
IBM X-Force Exchange
Is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats, aggregate actionable intelligence, and collaborate and its integrateable with other solutions.
Bleeping Computer
They allow you customize intelligence to increase relevance. You can tailor threat intelligence to specific use cases. Customized intelligence delivers more high fidelity alerting, allowing teams to focus on specifics.
Krebs on Security
DARKReading
infosecurity
TREND micro
Posted by Jorge G