Explain Threat Intelligence Sources - ProgrammerTech

Explain Threat Intelligence Sources


As a security professional you have to keep expanding your knowledge of every strategy, technique and technology that threat actors (also called threat agents) use, and keep pace with the new ones they adopt. That includes the new vulnerabilities that appear daily in different technologies, as well as knowledge of new malware, so that you can improve the security controls inside your own organization.

Threat Research Sources

Researching new security threats is a major effort in which security companies and researchers try to discover the tactics, techniques and procedures (TTPs) of attackers. Many companies take part in this research for the purpose of counter-intelligence worldwide; vendors of anti-malware software and of firewalls, for example, need it to improve their own security controls. Because these companies defend many customers at once, they see attacks at a scale that lets them analyze TTPs thoroughly and track the groups behind them.

The deep web and the dark web are among the main sources for research into new threats. The deep web is the part of the global network that regular search engines do not index; the dark web is the part of it that can only be reached through anonymizing networks. Information about new threats is abundant there precisely because tracking users is so hard, thanks to the strong encryption and routing used inside those networks.

Darknet: an overlay network that can only be accessed with dedicated software such as Tor (The Onion Router), I2P or Freenet. It hides the identity and location of both the client and the server and prevents any third party from learning who is connected to whom or analyzing the activity. Tor, for example, wraps each message in several layers of encryption, one for each relay on the path, so that every relay can only remove its own layer and learns nothing beyond the previous and the next hop.
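To make the layering concrete, here is an added Python simulation of onion routing; it is not code from the article or from the Tor project. The cipher is a toy (HMAC-SHA256 keystream XORed over the data), the relay names, the circuit and the destination are made up, and real Tor negotiates per-hop AES keys with Diffie-Hellman and carries cells over TLS; what the simulation does show correctly is the shape of the protocol: the client builds the onion with the exit relay's layer innermost, and each relay, after peeling its own layer, knows only where the blob came from and where it goes next.

```python
import base64
import hashlib
import hmac
import json
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode. A stand-in for Tor's real ciphers."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


def wrap(keys: dict, circuit: list, destination: str, payload: bytes) -> bytes:
    """Client side: one layer per relay, the exit relay's layer innermost, the guard's outermost."""
    next_hops = circuit[1:] + [destination]
    blob = payload
    for relay, next_hop in reversed(list(zip(circuit, next_hops))):
        layer = json.dumps({"next": next_hop, "inner": base64.b64encode(blob).decode()})
        blob = encrypt(keys[relay], layer.encode())
    return blob


def peel(key: bytes, blob: bytes):
    """Relay side: strip one layer and learn only the next hop plus an opaque inner blob."""
    layer = json.loads(decrypt(key, blob))
    return layer["next"], base64.b64decode(layer["inner"])


def can_peel(key: bytes, blob: bytes) -> bool:
    """A relay holding the wrong key gets noise instead of a layer."""
    try:
        peel(key, blob)
        return True
    except (ValueError, KeyError, TypeError):
        return False


def route(keys: dict, circuit: list, destination: str, payload: bytes):
    """Push the onion through the circuit and record what each relay could observe."""
    blob = wrap(keys, circuit, destination, payload)
    trace = []
    prev_hop = "client"
    next_hop = None
    for relay in circuit:
        next_hop, blob = peel(keys[relay], blob)
        trace.append({"relay": relay, "sees_from": prev_hop, "sees_to": next_hop})
        prev_hop = relay
    # After the exit relay strips the last layer, next_hop is the destination and blob the payload.
    return next_hop, blob, trace


if __name__ == "__main__":
    # Hypothetical circuit; in Tor the client agrees a separate key with each relay.
    keys = {name: os.urandom(32) for name in ("guard", "middle", "exit")}
    dest, data, trace = route(keys, ["guard", "middle", "exit"], "example.com:443", b"GET / HTTP/1.1")
    for hop in trace:
        print(hop)
    print(dest, data)
```

The trace is the point: the guard sees the client and the middle relay, the middle relay sees only two relays, and only the exit sees the destination and the plaintext payload. That last fact is also the practical caveat: an exit relay can read and alter anything that is not itself protected end to end, so HTTPS still matters inside Tor.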

Threat Intelligence Providers

We have seen that the dark web is a major source for researching new security threats, but there are also commercial threat intelligence providers that you can follow to learn about new vulnerabilities. For a monthly or annual subscription they report the latest threats together with protection methods; examples are IBM X-Force Exchange, Recorded Future and FireEye.

You can also follow vendor websites to get the latest threats and the fixes for them; vendors offer this service for free. Microsoft, for example, runs a dedicated blog for new security threats and their remediation. Vendor websites in this sense are the sites of the companies whose products and services you use: when a vulnerability is found in one of their products, you will find the vendor describing the vulnerability and the security patches for it.

Public/private information sharing centers

In many industries a public/private clearing house, an Information Sharing and Analysis Center (ISAC), has been set up to share information on security threats and to promote security best practices. This applies above all to critical industries such as financial services, energy and aviation. Where no ISAC covers an industry, the companies in it meet on their own to provide mutual support.

Open source intelligence (OSINT)

OSINT refers to collecting information from publicly available sources, such as social media sites or blogs, and analyzing it for a specific purpose. The OSINT field is very broad, so here we keep to a simple definition: publicly available information, gathered and analyzed for a defined purpose, bearing in mind that nothing posted publicly online is private. In threat intelligence, OSINT is used to detect new threats such as malware; this covers both the collection and the analysis of the information, and services such as VirusTotal, which aggregates scan results for submitted files, URLs and domains, are part of it.
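Both the provider feeds above and OSINT services like VirusTotal end up as lists of indicators of compromise (IOCs) that you check your own environment against. As an added example, not code from the article or from any of the named providers, here is a small Python matcher that loads such a feed and checks a file hash and some log lines against it. The feed, the sample file and the log lines are constructed for the example; the CSV column layout is an assumption, as every provider publishes its own format.

```python
import csv
import hashlib
import io
import ipaddress
import re

# Constructed sample: a file body standing in for a malware sample caught on a workstation.
SAMPLE_FILE = b"MZ\x90\x00 constructed dropper body, not real malware"

# Constructed feed. The column layout is an assumption for this example; real providers
# publish their own formats. One row per indicator of compromise (IOC).
FEED_CSV = f"""type,value,description
sha256,{hashlib.sha256(SAMPLE_FILE).hexdigest()},Dropper sample reported in feed
domain,update-checker.example,C2 domain
ipv4,203.0.113.17,C2 address
cidr,198.51.100.0/24,Hosting range used by the same campaign
"""

# Constructed log lines in the shape of a DNS resolver log and a web proxy log.
LOG_LINES = [
    "2024-05-01T10:00:01Z dns host=ws-12 qname=update-checker.example",
    "2024-05-01T10:00:02Z proxy host=ws-12 dst=203.0.113.17:443 action=allow",
    "2024-05-01T10:00:03Z proxy host=ws-07 dst=198.51.100.42:80 action=allow",
    "2024-05-01T10:00:04Z dns host=ws-03 qname=www.example.org",
]


def load_feed(csv_text: str) -> dict:
    """Index the feed by indicator type so hash, domain and IP lookups are dictionary hits."""
    feed = {"sha256": {}, "domain": {}, "ipv4": {}, "cidr": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind, value, desc = row["type"], row["value"].strip().lower(), row["description"]
        if kind == "cidr":
            feed["cidr"].append((ipaddress.ip_network(value, strict=False), desc))
        elif kind in feed:
            feed[kind][value] = desc
    return feed


def match_file(feed: dict, data: bytes):
    """Hash-based IOC: exact SHA-256 match only, so any change to the file misses."""
    return feed["sha256"].get(hashlib.sha256(data).hexdigest())


def match_domain(feed: dict, name: str):
    """Walk up the labels so a feed entry for c2.example also catches a.b.c2.example."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        desc = feed["domain"].get(".".join(labels[i:]))
        if desc:
            return desc
    return None


def match_ip(feed: dict, ip_text: str):
    """Exact IP first, then the CIDR ranges in the feed."""
    desc = feed["ipv4"].get(ip_text)
    if desc:
        return desc
    ip = ipaddress.ip_address(ip_text)
    for net, net_desc in feed["cidr"]:
        if ip in net:
            return net_desc
    return None


def scan_logs(feed: dict, lines: list) -> list:
    """Return (line, indicator type, value, feed description) for every IOC hit."""
    hits = []
    for line in lines:
        for name in re.findall(r"qname=(\S+)", line):
            desc = match_domain(feed, name)
            if desc:
                hits.append((line, "domain", name, desc))
        for ip in re.findall(r"dst=(\d{1,3}(?:\.\d{1,3}){3})", line):
            desc = match_ip(feed, ip)
            if desc:
                hits.append((line, "ipv4", ip, desc))
    return hits


if __name__ == "__main__":
    feed = load_feed(FEED_CSV)
    print("sample file:", match_file(feed, SAMPLE_FILE))
    for line, kind, value, desc in scan_logs(feed, LOG_LINES):
        print(f"{kind}={value} ({desc}) <- {line}")
```

Two things worth noticing when you run it. Changing a single byte of the sample makes the hash lookup miss, and an attacker can do that for free; domains and IP ranges cost a little more to replace, and behaviour (the TTPs of the next section) is the most expensive thing for an attacker to change. A feed of hashes alone is therefore a weak control on its own, and the reason to subscribe to several sources is to get the longer-lived indicators as well.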

Tactic, technique, or procedure (TTP)

Tactics, techniques and procedures, or TTPs, describe an adversary's behavior: the attack strategy (the tactic), the way the attack is executed and the tools used (the technique), and the concrete sequence of actions (the procedure). Classifying attacker behavior this way tells you what those actions would look like in your own environment, which is what makes TTPs so important for assessing the company's security posture.


Ahmed Kaissar

From Giza Governorate, Egypt. A web programmer and information security expert, a lover of technology and information security, a trainer in Python, HTML, CSS, PHP, JS and Laravel, and a CTF trainer. I hope to share everything I know with everyone and not to skimp on any information.