We Need Better Classification of Threat Intelligence

The threat intelligence landscape has changed vastly over the years. The term was originally used to refer to malware Indicators of Compromise (IOCs): lists of known malware signatures and the servers that malware communicates with, used as a method to identify infected devices within corporate networks. As time went by, vendors broadly expanded that concept to offer new types of intelligence. The term “Threat Intelligence” encompasses an ever-growing set of offerings that, from an operational standpoint, have different use cases.

For example, intelligence on external threats such as leaked documents or leaked source code has nothing to do with malware. Other examples may not even involve malicious threats, such as sensitive data leaking because of an error on the part of an employee. Intelligence can come in the form of feeds that map known “bad things” on the internet, or it can be specific to an organization. Yet all these intelligence deliverables are grouped together with malware IOCs as part of “threat intelligence”.

Adding to the complexity is the fact that some “threat intelligence” offerings are focused on detecting threats, while others are focused on enriching them. There are multiple popular threat intelligence solutions designed to help SOCs investigate potential incidents. In these use cases, the user already has an indicator (an IP address, a domain name, etc.) and wants to understand whether it is legitimate or malicious. Intelligence offerings focused on detection aim to alert users to the threats in the first place. In larger intelligence operations, a combination of both types of offerings is implemented.

Continue Reading on SecurityWeek


IntelFinder is the most cost-effective threat intelligence solution on the market, offering customer-specific and actionable threat intelligence at a fraction of the cost. We cover a wide variety of threats, such as similar domain registration, rogue apps, leaked employee credentials, leaked source code, leaked documents, exposed subdomains and more, all for only $250/month per brand.

IntelFinder is offered with a one-month free trial, with no strings attached and no credit card information required!
