Threat intelligence feed -
It is an ongoing, third-party stream of information, or "feed," about current or potential threats to a company in a particular category.
Example - A feed can focus solely on domains, hashes, or IPs known to be associated with malicious activity.
There are six main sources of threat intelligence feeds, which are all valuable:
- Open source
- Customer telemetry
- Honeypots and darknets
- Scanning and crawling
- Malware processing
- Human intelligence
- Paid feeds may provide high-quality data, but you will need to monitor their relevance closely.
- Every threat intelligence feed you add means more data to analyze and a higher chance of encountering false positives.
- Additionally, none of these feeds come with context, which is crucial in determining whether or not you should act upon their alerts.
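
Added example (not part of the original post): merging several feeds, deduplicating them, dropping allowlisted false positives, and attaching the context the feeds lack by matching indicators against local telemetry. The feed contents, host names, allowlist and priority formula are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample feeds (documentation ranges, not real indicators):
# feed name -> [(indicator, type, date last reported)]
FEEDS = {
    "open_source": [("bad.example", "domain", date(2024, 5, 1)),
                    ("203.0.113.7", "ip", date(2023, 1, 10)),
                    ("intranet.example", "domain", date(2024, 5, 4))],
    "paid": [("BAD.example.", "domain", date(2024, 5, 3)),
             ("198.51.100.9", "ip", date(2024, 4, 28))],
    "honeypot": [("203.0.113.7", "ip", date(2024, 5, 2))],
}
# Constructed local telemetry: (internal host, destination from proxy/DNS logs).
TELEMETRY = [("ws-014", "bad.example"), ("ws-014", "intranet.example"),
             ("srv-db2", "198.51.100.9"), ("ws-230", "bad.example")]
ALLOWLIST = {"intranet.example"}  # known-good; a feed listing it is a false positive

def normalize(value, kind):
    """Canonical form so one indicator reported by two feeds merges into one entry."""
    value = value.strip().lower()
    return value.rstrip(".") if kind == "domain" else value

def merge_feeds(feeds):
    """Deduplicate across feeds, recording which feeds reported each indicator."""
    merged = defaultdict(lambda: {"sources": set(), "last_seen": date.min})
    for name, entries in feeds.items():
        for value, kind, seen in entries:
            entry = merged[(normalize(value, kind), kind)]
            entry["sources"].add(name)
            entry["last_seen"] = max(entry["last_seen"], seen)
    return dict(merged)

def triage(merged, telemetry, today, max_age_days=90):
    """Add local context; priority (sources x freshness) is an illustrative assumption."""
    alerts = []
    for (value, kind), info in merged.items():
        hosts = sorted({h for h, dest in telemetry if dest == value})
        if not hosts or value in ALLOWLIST:
            continue  # never seen locally, or known-good: nothing to act on
        stale = (today - info["last_seen"]).days > max_age_days
        alerts.append({"indicator": value, "type": kind, "hosts": hosts,
                       "sources": sorted(info["sources"]), "stale": stale,
                       "priority": len(info["sources"]) * (1 if stale else 2)})
    return sorted(alerts, key=lambda a: (-a["priority"], a["indicator"]))

if __name__ == "__main__":
    for alert in triage(merge_feeds(FEEDS), TELEMETRY, today=date(2024, 5, 10)):
        print(alert)
```

Of the four distinct indicators across the three feeds, only two become alerts: one is never seen in local logs and one is an allowlisted internal domain.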
Threat intelligence platforms -
"collect, correlate, categorize, share and integrate security threat data in real time to support the prioritization of actions and aid in attack prevention, detection and response."
Current threat intelligence solutions are most useful for large, sophisticated cybersecurity outfits.
BTW - Threat intelligence - Seventy percent of the security industry professionals surveyed said they believe threat intelligence is either too complex or cumbersome to provide usable insights.
https://www.darkreading.com/threat-intelligence/is-threat-intelligence-garbage/a/d-id/1331862