Recently I did some work on a new Cyber Threat Intelligence project. The Cyber Threat Intelligence aggregation and analysis trend has been growing for a while, and there are a lot of brilliant people out there brainstorming and putting together the info. They've been experimenting to see what works and what doesn't work, and there's an opportunity to learn from their experiences. Here are some places to start.

Many well-known and respected Information Technology news sources are publishing information related to CTI, as well as providing training and information on how to make your data "intelligence" instead of just "information". A nice breakdown of the differences is available from DarkReading.com. *Be aware that if you want to read more than one or two articles you'll need to sign up for a free account.

In February of 2015, a Presidential Directive was issued from the White House instructing the Director of National Security to establish a national Cyber Threat Intelligence Integration Center, or CTIIC. This seems like a wonderful feed for companies to include in their MSIEM services. This center's function will be to integrate the multitude of intelligence sources into an actionable format that can then be handed to other agencies for response. Read the press release here.

Every year, SANS holds a "Cyber Threat Intelligence Summit". In 2015 Brian Krebs (best known to me for his groundbreaking work on Stuxnet) was the keynote speaker, but they have featured many leading-edge researchers. SANS makes their information available to the general public once the summit has completed.

Vigilant Inc. announced their "CTI Portal" (in this case standing for "Collective Threat Intelligence") back in 2012. Reuters carried the story here and there's another story covering it at DarkReading.com.

DarkReading.com is an excellent resource for "bleeding-edge" info, but remember that it's "InformationWeek" magazine's IT section and always verify your info. With that out of the way, they have an interesting article with actual examples of how to utilize Cyber Threat Intelligence day to day in a way that allows you to become proactive instead of reactive. Read it here.

Dell SecureWorks is worth a mention; it's available here.

Lastly, Recorded Future has a threat intel newsletter (that you can subscribe to for free - of course), which offers some great insights into recent threats. You can find out more here.

So, Cyber Threat Intelligence is out there and the movement is growing. Check it out, have a look at what other people are thinking and doing, see what resources are available. It's an information overload, of course, so try not to drown in it. If you're starting from nothing, the links here can be great places to start.