Blog

The Best Threat Intelligence Feeds

Joe Franscella
September 20, 2016
Table of contents
<p>When it comes to choosing software platforms for your organization, it's important to choose wisely. Not all cyber-security suites are created equally. Consider all that is riding on the sanctity of your network security. Hackers need only to be successful once in order to <a href="https://www.anomali.com/blog/what-happens-to-your-data-without-cybersecurity">gain access to and exploit</a> your web domain, internal network, and the files therein.</p><p>Cyber threat intelligence is more than virus alerts. Some threats are immediate, as with a ransomware scam which encrypts your files until a ransom is paid. An attack is not usually immediately detectable. In fact, the average security breach goes <a href="http://resources.infosecinstitute.com/the-seven-steps-of-a-successful-cyber-attack/" target="_blank">undetected for over 200 days </a>on average and in some extreme cases, years. Some of the most damaging security events occur without use of malware, anyway. Should the threat be industrial espionage, you may never fully realize how you've lost ground. That is unless you know where to look.</p><p>Threat intelligence feeds rely on anti-malware, firewalls, and other “plug and play” platforms but they do not compromise the whole entirety of network security today. Quality threat intelligence feeds deliver the aggregate of multiple sources which only present a true portrayal of threats and vulnerabilities when examined all together.</p><p>A lot of research has generated a school of thought that uses evidence-based reasoning to pinpoint behaviors and patterns indicative of malicious or negligent behaviors. These are generally termed indicators of compromise.</p><p>Here are some must-haves we recommend for picking the most appropriate configuration for your website, internal network, cloud space, etc.</p><ul><li>Cover all points along <a href="http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542" target="_blank">the cyber kill chain</a>. The perimeter approach is no longer sufficient so your threat intelligence data sources must be dynamic and strategically placed at multiple points.</li><li>Detect insider threats.Employees continue to be the weakest link in the cyber-security perimeter. A truly intelligent system not only catches insidious phishing emails but the negligent management of credentials (i.e. weak or shared passwords), logins from unexpected source locations, or suspicious file access patterns.</li><li>Facilitate sharing of threat data. Your industry will benefit greatly to use a kind of “neighborhood watch” approach with other like organizations. Open source threat intelligence feeds give users options for sending and requesting general and specific data about threats.</li><li>Allow for more components to be added in. Cyber-criminals are constantly adopting new strategies and tools for exploiting the assets of others, and so <a href="http://www.darkreading.com/vulnerabilities---threats/5-reasons-every-company-should-have-a-honeypot/d/d-id/1140595" target="_blank">new tools and protective measures</a> are and will continue to be developed. When new components are sent to market, it's preferable to integrate them into your existing configuration than to start over.</li><li>Deliver <a href="https://www.anomali.com/blog/whats-in-a-threat-feed" target="_blank">quality threat alerts</a> that are useful. Alerts should be accurate and provide context about the threat as related to other compromised points. Unless you have a staff of experts, it's advisable to go with alerts capable of suggesting a corresponding action.</li></ul><p>Even if you don't consider yourself a prime target for a DDoS attack or data breach, you still have to take responsibility for your role in the fight against hacking and internal data leaks. Plus, it's better for public relations and risk management pros to push for ways to prevent liabilities such as stakeholder data breaches or stepping-stone hacks. Take at least much time to compare threat intelligence feeds as you would spend shopping for design or productivity suites.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-bd3e320b-6f5f-47ad-ae30-589597d266a4"><span class="hs-cta-node hs-cta-bd3e320b-6f5f-47ad-ae30-589597d266a4" data-hs-drop="true" id="hs-cta-bd3e320b-6f5f-47ad-ae30-589597d266a4" style="visibility: visible; display: block; text-align: center;"><a class="cta_button" cta_dest_link="{page_3457}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=bfe9d714-b9a1-4733-8b89-44b169eb6a53&amp;placement_guid=bd3e320b-6f5f-47ad-ae30-589597d266a4&amp;portal_id=458120&amp;redirect_url=APefjpHRuGvwZ2ZGOg5oyptXCyBkbguYc52f49Y-o_xhM48KdYU2Xwo2q6mKZP0AIjSwq1xjEfcaeHlJMCLeN2hYM4HsqJXlVIlb8BZ_knc1A8jWSdXpNDsy_lgYTPuiC8ZN_ZUjzAUeGXi37vKFrOARJVT9Ft0vGznGneecD8QIH_MUyNKdHywpDontxWnYX5sAPl2Z-4E8nlp1YWn_YY9IQF9N6VbNA_G5oTFUZQ1qL7yLRZhuh4noLah0oJd9Nm8DxOmD8qXs9wUeFwkDAJvtoCqZfxAruhhtZEeAzgC6sw0BgvYpgS8aT7X1-9k5WW927wZSqQlpLbMSMh4xKPFHDgTMBhnytA&amp;hsutk=2767d93d6471d657e0c9f660e4b58ef8&amp;utm_referrer=https%3A%2F%2Fblog.anomali.com%2Fthe-best-threat-intelligence-feeds&amp;canon=https%3A%2F%2Fblog.anomali.com%2Fthe-best-threat-intelligence-feeds&amp;pageId=4369697661&amp;__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478467980860.1478822660171.178&amp;__hssc=41179005.32.1478822660171&amp;__hsfp=1335165674" id="cta_button_458120_bfe9d714-b9a1-4733-8b89-44b169eb6a53" style="margin: 20px auto;" target="_blank" title="Download Here">Download Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, 'bd3e320b-6f5f-47ad-ae30-589597d266a4', {});</script> </span></p>
Joe Franscella

Joe Franscella is the former Vice President of Corporate Communications at Anomali.

Discover More About Anomali

Get the latest news about Anomali's Security and IT Operations platform,

SEe all Resources
No items found.
No items found.

Propel your mission with amplified visibility, analytics, and AI.

Learn how Anomali can help you cost-effectively improve your security posture.

September 20, 2016
-
Joe Franscella
,

The Best Threat Intelligence Feeds

<p>When it comes to choosing software platforms for your organization, it's important to choose wisely. Not all cyber-security suites are created equally. Consider all that is riding on the sanctity of your network security. Hackers need only to be successful once in order to <a href="https://www.anomali.com/blog/what-happens-to-your-data-without-cybersecurity">gain access to and exploit</a> your web domain, internal network, and the files therein.</p><p>Cyber threat intelligence is more than virus alerts. Some threats are immediate, as with a ransomware scam which encrypts your files until a ransom is paid. An attack is not usually immediately detectable. In fact, the average security breach goes <a href="http://resources.infosecinstitute.com/the-seven-steps-of-a-successful-cyber-attack/" target="_blank">undetected for over 200 days </a>on average and in some extreme cases, years. Some of the most damaging security events occur without use of malware, anyway. Should the threat be industrial espionage, you may never fully realize how you've lost ground. That is unless you know where to look.</p><p>Threat intelligence feeds rely on anti-malware, firewalls, and other “plug and play” platforms but they do not compromise the whole entirety of network security today. Quality threat intelligence feeds deliver the aggregate of multiple sources which only present a true portrayal of threats and vulnerabilities when examined all together.</p><p>A lot of research has generated a school of thought that uses evidence-based reasoning to pinpoint behaviors and patterns indicative of malicious or negligent behaviors. These are generally termed indicators of compromise.</p><p>Here are some must-haves we recommend for picking the most appropriate configuration for your website, internal network, cloud space, etc.</p><ul><li>Cover all points along <a href="http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542" target="_blank">the cyber kill chain</a>. The perimeter approach is no longer sufficient so your threat intelligence data sources must be dynamic and strategically placed at multiple points.</li><li>Detect insider threats.Employees continue to be the weakest link in the cyber-security perimeter. A truly intelligent system not only catches insidious phishing emails but the negligent management of credentials (i.e. weak or shared passwords), logins from unexpected source locations, or suspicious file access patterns.</li><li>Facilitate sharing of threat data. Your industry will benefit greatly to use a kind of “neighborhood watch” approach with other like organizations. Open source threat intelligence feeds give users options for sending and requesting general and specific data about threats.</li><li>Allow for more components to be added in. Cyber-criminals are constantly adopting new strategies and tools for exploiting the assets of others, and so <a href="http://www.darkreading.com/vulnerabilities---threats/5-reasons-every-company-should-have-a-honeypot/d/d-id/1140595" target="_blank">new tools and protective measures</a> are and will continue to be developed. When new components are sent to market, it's preferable to integrate them into your existing configuration than to start over.</li><li>Deliver <a href="https://www.anomali.com/blog/whats-in-a-threat-feed" target="_blank">quality threat alerts</a> that are useful. Alerts should be accurate and provide context about the threat as related to other compromised points. Unless you have a staff of experts, it's advisable to go with alerts capable of suggesting a corresponding action.</li></ul><p>Even if you don't consider yourself a prime target for a DDoS attack or data breach, you still have to take responsibility for your role in the fight against hacking and internal data leaks. Plus, it's better for public relations and risk management pros to push for ways to prevent liabilities such as stakeholder data breaches or stepping-stone hacks. Take at least much time to compare threat intelligence feeds as you would spend shopping for design or productivity suites.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-bd3e320b-6f5f-47ad-ae30-589597d266a4"><span class="hs-cta-node hs-cta-bd3e320b-6f5f-47ad-ae30-589597d266a4" data-hs-drop="true" id="hs-cta-bd3e320b-6f5f-47ad-ae30-589597d266a4" style="visibility: visible; display: block; text-align: center;"><a class="cta_button" cta_dest_link="{page_3457}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=bfe9d714-b9a1-4733-8b89-44b169eb6a53&amp;placement_guid=bd3e320b-6f5f-47ad-ae30-589597d266a4&amp;portal_id=458120&amp;redirect_url=APefjpHRuGvwZ2ZGOg5oyptXCyBkbguYc52f49Y-o_xhM48KdYU2Xwo2q6mKZP0AIjSwq1xjEfcaeHlJMCLeN2hYM4HsqJXlVIlb8BZ_knc1A8jWSdXpNDsy_lgYTPuiC8ZN_ZUjzAUeGXi37vKFrOARJVT9Ft0vGznGneecD8QIH_MUyNKdHywpDontxWnYX5sAPl2Z-4E8nlp1YWn_YY9IQF9N6VbNA_G5oTFUZQ1qL7yLRZhuh4noLah0oJd9Nm8DxOmD8qXs9wUeFwkDAJvtoCqZfxAruhhtZEeAzgC6sw0BgvYpgS8aT7X1-9k5WW927wZSqQlpLbMSMh4xKPFHDgTMBhnytA&amp;hsutk=2767d93d6471d657e0c9f660e4b58ef8&amp;utm_referrer=https%3A%2F%2Fblog.anomali.com%2Fthe-best-threat-intelligence-feeds&amp;canon=https%3A%2F%2Fblog.anomali.com%2Fthe-best-threat-intelligence-feeds&amp;pageId=4369697661&amp;__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478467980860.1478822660171.178&amp;__hssc=41179005.32.1478822660171&amp;__hsfp=1335165674" id="cta_button_458120_bfe9d714-b9a1-4733-8b89-44b169eb6a53" style="margin: 20px auto;" target="_blank" title="Download Here">Download Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, 'bd3e320b-6f5f-47ad-ae30-589597d266a4', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.