2.4 Private Data Sources Part 1

00:01

Hello and welcome to the first Model data collection.

00:05

And this lesson. We are introducing the first type off external data collection sources, which is private data sources.

00:15

This lesson will be dedicated to discover together the different types of private data collection sources

00:23

and which type is the best feet? So we were requirements.

00:28

Basically, we mean by private data sources Threat Intelligence available. Oh, paid subscriptions.

00:35

There are a plethora off offerings from a very tee off companies, including traditional security service providers

00:44

and new specialist Threat intelligence vendors.

00:49

Private or commercial data collection sources can provide vetted and Richard intelligence and also Apted eight Intelligence.

00:59

Some of the vendors can send relevant and custom intelligence to their customers, based all their activity sector or based all the technologies used within the company.

01:11

Don't be distracted by vendors who plea to have more than five million and points or hundreds of thousands off network censors because claims like this should go in one ear and out the other. If a vendor's collection capabilities

01:30

don't produce threatened diligence

01:33

that is relevant to your company, your organization and threat model,

01:38

then it is totally useless. Hair relevance really matters

01:46

also Some providers

01:48

are more focused on rule based enjoying or productive and analytics, while others add additional layer off human analysis capabilities.

02:00

Now, if you are talking about quality, it can be a bit subjective because what can be relevant to accompany a might be useless to a company B.

02:10

This this is related to several factors, including the activity, said the sector activity that technologies used within the organization. The location the size of the size off the company, et cetera.

02:27

So reliant on Lee on feedback Already views is considered a bit superficial and shallow and hear my recommendation is to define your own you're your own use cases and requirements before looking for a threat. Intelligence Solutions.

02:46

Now let's start by introducing the first type off private data collection sources. The first type is narrative based reports.

02:57

These reports are also known as finish IT. Intelligence and multiple organizations are using threat intelligence from finalizing reports.

03:07

These reports described in details Siri's off events related to an intrusion or an incident.

03:16

Threat reports include Ditty Peas,

03:21

campaign investigation.

03:23

In some cases, they also include attribution and now there are new solution that are used. Adan Attack mapping

03:31

City I teams need to ensure that they are properly staffed and allocated enough time to make the best use of this type off reporting.

03:42

Now let's see the balance off advantage, advantages and disadvantages.

03:46

Ah, for these type of private data sources. When it comes to advantages, these reports are usually rich in detail and full indicators.

03:58

They also give a full picture and Teepees about threats. They describe scenarios off attacks, attack vectors, etcetera. Sometimes the include recommendations. And here I can add example off advisories.

04:15

Um, however,

04:16

they take considerable time to be produced.

04:19

They are also difficult to make to make them actionable,

04:26

and they require custom tools, toe automate the process and face.

04:31

Here I chose these vendors fire I Kaspersky recorded future flash points and intel for 71 as examples. But it doesn't mean in any way that these are all the examples or Onley vendors

04:48

existence in the market or the that they are the best in the market

04:55

because these examples I am familiar with

04:59

now let's move to the second type off private data sources, which is threat intelligence feeds. I think this is the most know one type off private data sources

05:11

threatened delusions. Feeds are really time and continuous streams off data that provide some information on potential cyber threats and risks.

05:21

These feeds are usually made up off simple indicators or artefacts.

05:28

For example, feed my present a stream off information on

05:32

mellower hash is Suspicious Domains or I P as I p's associated with malicious activities.

05:41

Feeds provide an easy way to get a quick riel time. Look at external threat landscape

05:47

Cyber threat Intelligence feeds their their data from sources like customer telemetry, scanning and scrolling open sources. Honey pots or deception operations, malware processing and human produced intelligence.

06:04

Not all of these sources may be relevant to your organization.

06:11

Bait eats should generally provide more unique data, like data gathered from close its sources, such as marketplaces on criminal law, criminal and underground.

06:24

Some patriots are just aggregations off open source feeds. So hear my recommendation is don't waste your money all these feeds, unless you don't have any time to do the corporation yourself.

06:38

For feeds to be actionable, they generally need to be integrated into a some solution.

06:45

Vendors Ho can bring together feeds into a single in the single solution and at context to data from feeds automatically will enable you together maximum value From this kind of dread contents

07:01

and also with the information provided by these feeds, you might choose to blacklist communications or, UM, connection requests originating from malicious sources. Now let's move to the advantages and disadvantages of these type off data sources

07:20

feeds our actionable and easy to integrate, which is something really important for threat intelligence. Private feeds or paid feeds are usually up to date intelligence, and they are vetted information.

07:35

But at the same time, there is still lack of context

07:41

compared to reports. And these feeds come in a big volume off data to ingest,

07:47

and sometimes the evil lurk relevance

07:51

here. Also, I choose to mention some example off vendors like Recorded Future Again. Muller patrol I block list True Star I, B. M X fours and Anomaly as vendors who provides threatened collisions feeds on

08:11

a bait subscriptions.