<p>Cybersecurity threat intelligence feeds play an important role in security. They detail current attacks and their sources. These characteristics, better known as <a href="https://www.techtarget.com/searchsecurity/definition/Indicators-of-Compromise-IOC">indicators of compromise</a>, include, among other factors, IP addresses, domain names, URLs, email addresses, malware file hashes and filenames.</p>
<p>Security teams use this information to improve how quickly and accurately they can <a href="https://www.techtarget.com/searchsecurity/tip/6-common-types-of-cyber-attacks-and-how-to-prevent-them">detect potential attacks</a> and to better estimate the severity of an incursion. This helps prioritize the organization’s response strategy — especially automated responses.</p>
<p>A wide variety of cybersecurity tools — among them firewalls, SIEM, security orchestration, automation and response and endpoint detection and response technologies — consume machine-readable threat intelligence feeds. Organizations also use integrated threat intelligence platforms that bring together multiple feeds to provide machine-readable data that is prioritized, actionable and accurate.</p>
<p>Let’s take a closer look at cybersecurity threat intelligence feeds and highlight some leading options — both open source and commercial.</p>
<section class="section main-article-chapter" data-menu-title="Criteria for feed evaluation">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Criteria for feed evaluation</h2>
<p>Every threat intelligence feed is different. While some feeds contain similar information, other feeds contain very different data or target only specialized subsets, such as <a href="https://www.techtarget.com/searchsecurity/feature/How-to-avoid-phishing-hooks-A-checklist-for-your-end-users">phishing-related</a> data. CISOs and their security teams evaluating potential feeds for their organization should consider the following:</p>
<ul class="default-list">
<li>How current is the feed? How often is it updated? How often is outdated information expunged?</li>
<li>How detailed is the information in the feed? For example, is it just IP addresses, or does it also indicate the types of activity associated with each IP address? Generally, it’s better to have more detailed information available.</li>
[…]