Following up on our post the other day, we found this great example of the difference between threat data (as in all those “feeds” with indicators) and threat intelligence on Black Hills’ security blog. Basically intelligence is data with context.…
Saw this post today over on CSO Online very accurately describing what is going on in today’s world of threat intelligence. Put bluntly … most vendors are not selling threat intelligence. Instead I would call it threat data, which lacks…
The recent government release of information sharing guidelines reminded me of a post @taosecurity did a while back where he takes a stab at answering this question. As usual in infosec … “it depends” is the answer. Still, it’s a great…
Fresh off the recent passing of the Cybersecurity (Information Sharing) Act of 2015, DHS and DOJ have issued guidance on sharing cyber threat information. The first publication describes how non-federal entities should share indicators and countermeasures with federal entities…
This forthcoming book, titled Intelligence-Driven Incident Response: Outwitting the Adversary, looks to be an interesting read for anyone interested in getting into, or furthering, their threat intel work, and one to add to your wish list. Kudos to Kyle Maxwell (@kylemaxwell) and…
I came across this doozy in a book my kid is reading — “Jedi Apprentice: The Dark Rival.” In one scene Jedi Master Qui-Gon Jinn is trying to access some sort of computer belonging to his former Padawan, Xanatos. Of…
Beyond being just a great resource on where to gather your own open source intelligence, @da_667's recent post makes a great point at the end in defense of the so-called “easy” indicators (e.g., hash values, IP addresses, and domain names)…
Years ago I sat in my first network security class learning all about the OSI model, the operation of TCP/IP, ports and protocols, and many other interesting topics. One of the main takeaways was to always segment your network for…
The HTTP protocol has long been used by bad guys as an infection vector, a command-and-control channel, and of course a data exfiltration path. The countermeasure most organizations use to mitigate this attack path is a proxy server that monitors outgoing…
For the past few years there has been a big focus on attributing attacks. The government has always been in the game (but obviously keeping it close to the vest) and recently vendors have been getting into the action for…