Simply put, threat intelligence – also known as cyber threat intelligence, or CTI – is information that is collected, analyzed, organized, and refined to provide insight, input, and advice about potential and current security threats or attacks that could pose potential or actual risks to an organization.
CTI covers a wide range of information sources and can involve reports of attacks obtained from security telemetry in cybersecurity software, from researchers conducting experiments, and even from automated security testing tools (e.g. fuzzing) that automate repeated variations on accepted or expected inputs into systems and software.
Threat intelligence feeds: free and open source
Gathering and providing threat intelligence often occurs in the form of various “feeds.” These are continuous, ongoing streams of data about threats that incorporate information items about newly-discovered threats along with updates and amendments to information about known existing threats. Threat intelligence feeds are an important part of modern cybersecurity best practices, and may include information about countering or working around individual threats (often called “remediation advice”).
In general, threat intelligence feeds fall into two broad categories. First and most widely consumed are those identified as free or open source security feed options. These are available to all interested parties and may be consumed without incurring costs for their uptake and use (though they are subject to licensing conditions about which prospective consumers should make themselves aware).
Searching the Web for “best open source threat intelligence feeds” is a good way to identify such things, given that there are hundreds of such feeds from which cybersecurity service and software providers and interested organizations can choose. Here’s an example “Top 10 List” from D3 Security:
- Department of Homeland Security: Automated Indicator Sharing
- FBI: InfraGard Portal
- @abuse.ch: Ransomware Tracker
- SANS: Internet Storm Center
- VirusTotal: VirusTotal
- Cisco: Talos Intelligence
- VirusShare: VirusShare Malware Repository
- Google: Safe Browsing
- National Council of ISACs: Member ISACs
- The Spamhaus Project: Spamhaus
Kiuwan draws much of its Open Source Security data from the NIST NVD (National Vulnerability Database), which is another widely-used and -respected free and open source security feed.
Threat intelligence feeds: commercial options
Working with free, open source intelligence feeds involves a wide-open, no-holds-barred outlook on converage, content, and quality. Working with such feeds requires a fair amount of work to separate the wheat from the chaff – that is, to filter out inputs and information that is not relevant to the exposures and vulnerabilities actually present in one particular organization or another.
Commercial CTI feeds let customers – who can pay upwards of US$1,500 a month per feed for such access – establish and maintain filtering criteria to make sure they see only information of direct and immediate relevance to the hardware, software, and systems present in their organizations.
According to Technology Comparison and Rating company CompariTech, the top 6 such producers are as follows:
- SolarWinds Security Event Manager
- ManageEngine Log360
- CrowdStrike Falcon X
- Mandiant Cyber Threat Intelligence
- AlienVault USM
- Sophos UTM
The interesting thing about threat feed consumption is that most such feed come in multiple tiers – at progressively higher monthly costs – and really target enterprise-scale organizations and security service and software providers.
Unless you have a team of security researchers and analysts (and a sizable budget to support their direct and indirect costs – including commercial security feeds) this will be more than most organizations are willing to fund and handle on their own.
Kiuwan solutions help software development teams manage cyber threats
For organizations that focus on software development, Kiuwan’s products integrate threat intelligence into their makeup and capabilities. Organizations that want to benefit from quality, focused threat intelligence and top-notch remediation advice for the software they develop will find Kiuwan’s products well worth considering.
The Kiuwan Code Security (SAST) platform provides automatic code scans that readily identify and remediate vulnerabilities, with support for OWASP and CWE code security standards.
The Kiuwan Insights (SCA) platform helps organizations manage risk arising from third-party software components, especially those with Open Source licensing, to remediate vulnerabilities and ensure license compliance.
Finally, Kiuwan’s Code Analysis (QA) platform integrates into well-known IDEs (including Eclipse, Visual Studio, IntelliJ IDEA, Phpstorm, Pycharm, and Webstorm) to provide direct code visualization and analysis within their native IDEs, along with built-in advice on best coding practices and vulnerability remediation as part of automated code check-in and testing processes.