Cyber Threat Intelligence Sources

On Feb 12, 2015, the US president signed an Executive Order to encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government. Rapid information sharing is an essential element of effective cybersecurity, because it enables companies to work together to respond to threats, rather than operating alone. This Executive Order lays out a framework for expanded information sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber threats.

“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.” — Gartner

In this article, let's look at the various premium cyber threat intelligence offerings available in the market today. While the list is not comprehensive, it gives insight into widely used sources.

  1. iDefense: iDefense Security Intelligence Services has established a proven track record of providing timely, relevant and actionable cyber threat intelligence to the largest organizations in the world.
  2. Cyber4Sight: Booz Allen Managed Threat Services deliver comprehensive, context-rich threat intelligence that enables you to prioritize strategic security decisions and to detect, understand, and mitigate risks. 
  3. Cofense Intelligence: Cofense Intelligence uses multiple collection methods to monitor the ever-growing volume of spam and malware propagated on a daily basis.
  4. CrowdStrike Falcon Intelligence: CrowdStrike® Falcon® is the first platform to seamlessly integrate threat intelligence into endpoint protection, automating incident investigations and speeding breach response.
  5. Department of Homeland Security: The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed.
  6. SearchLight: Digital Shadows SearchLight™ is a scalable and easy-to-use data analysis platform that provides a holistic view of an organization’s digital footprint and the profile of its attackers.
  7. iSight Intelligence: The FireEye iSIGHT Intelligence team employs a formal intelligence process, similar to a state-based intelligence organization, but optimized over nearly a decade, to rapidly collect and analyze findings and disseminate new intelligence to customers.
  8. Dragos WorldView: WorldView threat intelligence feeds, alerts, reports, and briefings provide deep, context-rich insight, illuminating the malicious actors and activity targeting industrial control networks globally. This knowledge enables ICS defenders to make both tactical decisions and strategic recommendations on ICS cybersecurity quickly, and with confidence.
  9. Flashpoint: Flashpoint Intelligence platform grants access to our expansive archive of Finished Intelligence reports, data from illicit Forums, marketplaces, and Risk Intelligence Observables in a single, finished intelligence experience.
  10. Intel 471: Intel collectors are globally deployed, close to the adversary, with native language and cultural understanding. Expert intelligence analysts are based in both the USA and UK.
  11. Kaspersky Lab: The goal is to provide security teams with actionable data, preventing cyber-attacks before they impact the organization. Contextual data provided in Threat Data Feeds is aggregated from fused, heterogeneous, highly reliable sources and helps reveal the ‘bigger picture’, further validating and supporting the wide-ranging use of the data.
  12. Retail Cyber Intelligence Sharing Center: The RH-ISAC facilitates security intelligence sharing, analysis, and understanding through both human and machine-to-machine data exchange. Campaigns, indicators and requests for information are shared across similar verticals to increase context around individual threats, industry-wide threat landscape trends, tools and techniques.
  13. Recorded Future RiskList: Recorded Future arms security teams with the only complete threat intelligence solution powered by patented machine learning to lower cyber risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources and provides invaluable context in real time and packaged for human analysis or integration with security technologies.
  14. Secureworks Attacker Database: The Secureworks Attacker Database is a set of threat data feeds and APIs that allows customers to integrate Secureworks Threat Intelligence with their existing security platform.
  15. MISP: The MISP (Malware Information Sharing Platform) threat sharing platform is free and open source software that supports the sharing of threat intelligence, including cyber security indicators.
  16. DeepSight™ Intelligence: Symantec DeepSight Actionable intelligence provides the necessary context and technical details surrounding a threat so teams can quickly assess cyber risk and implement proactive controls.
  17. ZeroFOX: ZeroFOX is a valuable resource for blocking and analyzing social-media-based threat indicators such as profiles, pages, posts, and comments from a number of different sources.

Threat intelligence platforms that provide automated risk scoring for threats, as well as the reasons behind those scores (like the sources of information and an explanation of the algorithms that determine them) help security professionals quickly evaluate what alerts they need to prioritize, which they can get to a little later, and which they can safely ignore. It’s one of the reasons why threat intelligence makes security teams work efficiently.