Over the years, many managed security service providers have been publishing some form of external threat analysis. Annual, quarterly, weekly and daily reports, and live feeds, are now regular deliverables from anyone who is anyone in the security industry.
Great news, right? Well... sort of...
The fact is that each of these service providers has its own proprietary naming conventions and threat report formats. This makes it difficult for the consumer of these reports and feeds to tell what information is redundant and what is really important.
Recently, however, many of these providers have banded together under the influence of the U.S. Department of Homeland Security (DHS) and the MITRE Corporation. A community has formed, intent on standardizing not only the language used to represent structured cyber threat information, Structured Threat Information Expression (STIX™), but also the transport mechanism used to distribute that information, called Trusted Automated Exchange of Indicator Information (TAXII™).
By standardizing on the language and delivery of cyber threat information, clear and expeditious remediation can be put in place without wasting time wading through multiple vendor notifications.
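As an added illustration (not part of the original post) of what a common language and transport buy the consumer: the snippet below takes two constructed STIX 2.1 bundles, as two vendors might publish them over TAXII, collapses indicators that both vendors report into one entry that remembers its sources, and correlates the merged set against a few constructed log lines. The use of STIX 2.1 JSON, the bundle and indicator IDs, the indicator values and the log lines are all assumptions made for this example.

```python
import re

# Constructed sample data (not from any real feed): two STIX 2.1 bundles as two
# vendors might publish them over TAXII. IDs, indicator values and log lines are made up.
def indicator(ident, pattern):
    return {"type": "indicator", "spec_version": "2.1", "id": ident,
            "pattern_type": "stix", "pattern": pattern}

VENDOR_A = {"type": "bundle", "id": "bundle--vendor-a", "objects": [
    indicator("indicator--a-1", "[ipv4-addr:value = '203.0.113.10']"),
    indicator("indicator--a-2", "[domain-name:value = 'cnc.example.net']")]}
VENDOR_B = {"type": "bundle", "id": "bundle--vendor-b", "objects": [
    indicator("indicator--b-1", "[ipv4-addr:value = '203.0.113.10']"),
    indicator("indicator--b-2", "[ipv4-addr:value = '198.51.100.7'] OR "
                                "[ipv4-addr:value = '203.0.113.10']"),
    indicator("indicator--b-3", "[url:value = 'http://cnc.example.net/x'] AND "
                                "[network-traffic:dst_port = 8080]")]}
LOGS = ["2014-06-10T12:00:01Z fw deny src=10.0.0.5 dst=203.0.113.10 dport=443",
        "2014-06-10T12:00:02Z dns query name=cnc.example.net client=10.0.0.9",
        "2014-06-10T12:00:03Z fw allow src=10.0.0.5 dst=192.0.2.44 dport=80"]

# One STIX comparison expression: [object-type:property = 'value']
COMPARISON = re.compile(r"\[\s*([\w-]+:[\w.-]+)\s*=\s*'([^']*)'\s*\]")

def merge_feeds(feeds):
    # Returns {(property, value): {source, ...}}: the same value reported by
    # several vendors collapses to one entry that keeps every source, which is
    # what makes the redundancy between feeds visible. Only equality comparisons
    # joined by OR are parsed; other syntax (AND, MATCHES, ...) is skipped on
    # purpose so an unparsed indicator is never silently treated as covered.
    merged = {}
    for source, bundle in feeds.items():
        for obj in bundle.get("objects", []):
            if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
                continue
            for part in obj["pattern"].split(" OR "):
                m = COMPARISON.fullmatch(part.strip())
                if m:
                    merged.setdefault((m.group(1), m.group(2)), set()).add(source)
    return merged

def match_logs(merged, log_lines):
    # Whole-token match of indicator values against log lines; each hit carries
    # the sorted list of vendors that reported the value.
    hits = []
    for line in log_lines:
        tokens = set(re.split(r"[\s,;=]+", line))
        for (prop, value), srcs in merged.items():
            if value in tokens:
                hits.append((line, prop, value, sorted(srcs)))
    return hits

def demo():
    return match_logs(merge_feeds({"vendor-a": VENDOR_A, "vendor-b": VENDOR_B}), LOGS)
```

The AND indicator from vendor B is deliberately dropped rather than half-parsed; in production, count such skips so that coverage gaps are visible.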
Links to the various Managed Security Service Providers' Threat Intelligence offerings:
IBM has X-Force
- IBM X-Force security professionals monitor and analyze security issues
from a variety of sources, including its database of more than 76,000
computer security vulnerabilities, its global web crawler and its
international spam collectors.
Symantec has DeepSight
- Symantec has established some of the most comprehensive sources of
Internet threat data in the world through the Symantec™ Global
Intelligence Network, which is made up of approximately 69 million
attack sensors which record thousands of events per second.
Check Point has ThreatCloud
- ThreatCloud, the first collaborative security infrastructure to fight
cybercrime. ThreatCloud dynamically reinforces Check Point Threat
Prevention Software Blades with real-time threat intelligence derived
from Check Point research, global sensors data, industry feeds and
specialized intelligence feeds from the ThreatCloud IntelliStore.
Palo Alto has WildFire
- WildFire offers a completely new approach to cybersecurity. Through native integration with the Palo Alto Networks Enterprise Security Platform,
the service brings advanced threat detection and prevention to every
security platform deployed throughout the network, automatically sharing
protections with all WildFire subscribers in about 15 minutes.
McAfee has GTI (Global Threat Intelligence)
- McAfee Global Threat Intelligence (GTI) notices the anomalous behavior
and predictively adjusts the website’s reputation so McAfee web security
products can block access and protect customers. Then McAfee GTI looks
out across its broad network of sensors and connects the dots between
the website and associated malware, email messages, IP addresses, and
other associations, adjusting the reputation of each related entity.
Radware has Lancope StealthWatch
- Lancope Inc. is a leading provider of network visibility and security
intelligence to defend enterprises against today’s top threats. By
collecting and analyzing NetFlow, IPFIX and other types of flow data,
Lancope’s StealthWatch® System helps organizations quickly detect a wide
range of attacks from APTs and DDoS to zero-day malware and insider
threats.
F5 has IP Intelligence
- F5® IP Intelligence incorporates external, intelligent services to enhance automated
application delivery with better IP intelligence and stronger, context-based security. By identifying IP addresses and security categories associated with malicious activity, the IP Intelligence service can incorporate dynamic lists of threatening IP addresses into the F5 BIG-IP® platform, adding context to policy decisions. IP Intelligence service reduces risk and increases data center efficiency by eliminating the effort to process bad traffic.
Cisco-Sourcefire has Talos
- The Cisco Talos Security Intelligence and Research Group (Talos) is a
group of elite cyber security experts whose threat intelligence detects,
analyzes and protects against both known and emerging threats by
aggregating and analyzing Cisco’s unrivaled telemetry data of billions
of web requests and emails, millions of malware samples, open source
data sets and millions of network intrusions. More than just a
traditional response organization, Talos is a proactive member of your
security ecosystem, working around the clock to proactively discover,
assess, and respond to the latest trends in hacking activities,
intrusion attempts, malware and vulnerabilities with new rules,
signatures, file analysis and security tools to better protect your
organization.
Trend Micro - Security Intelligence
- With Trend Micro at your side, you can safely navigate the changing
cyber security landscape. We defend tens of millions of customers around
the clock through a worldwide network of 1000+ threat researchers and
support engineers committed to 24x7 threat surveillance and analysis,
attack prevention and remediation, and educational tools to help you
secure your data against cyber crime in this ever-changing digital
world.
Kaspersky Lab - Threat Intelligence
- Kaspersky Lab’s Security Intelligence Services constantly monitor the
threat landscape, identifying emerging dangers and taking steps to
defend and eradicate. Combining our world-leading knowledge of malware
and cybercrime with a detailed understanding of our clients’ operations,
we create bespoke reports that provide actionable intelligence for an
enterprise’s specific needs. Our intelligence services range from
subscriptions to our global network insights, monthly threat analysis
specific to your organisation, through to bespoke training and education
programmes.
ArcSight has Reputation Security Monitor
- Actively enforce and manage reputation-based security policies to help
focus on those threats with most risk. By using frequently scheduled
updates of reputation data, vetted by a global cadre of experts, HP
RepSM detects communication with sites known to have bad
reputations-preventing exfiltration of intellectual property and
reducing business risk. In addition, you can proactively monitor and
protect the reputation of your own enterprise by making sure company and
partner web sites and assets are not found on the bad reputation list.
Microsoft is soon announcing Interflow
- The new Interflow
platform, based on Microsoft's Azure cloud service, is geared for
incident responders and security researchers. "We needed a better and
more automated way to exchange information with incident responders.
That's how we started on a path developing this platform," says Jerry
Bryant, lead senior security strategist with Microsoft Trustworthy
Computing. "This allows for automated knowledge exchange."
Note: Apologies if I've missed your favorite Internet Threat Analysis feed or report.
Add a quick comment below, and I'll update this list if appropriate.
References:
MITRE: STIX (https://stix.mitre.org)
MITRE: TAXII (https://taxii.mitre.org)
NetworkWorld: The International Security Community Should Embrace the STIX and TAXII Standards
NetworkWorld: Symantec rolls out threat-intelligence sharing with Cisco, Check Point, Palo Alto Networks
US-CERT: Information Sharing Specifications for Cybersecurity
IBM X-Force Threat Intelligence
Infosec Institute: Reinventing Threat Intelligence
Large Organizations Need Open Security Intelligence Standards and Technologies
SANS.org: Developing Cyber Threat Intelligence...
BrightCloud: 2014 Cyberthreat Defense Report
Threat intelligence lifecycle maturation in the enterprise market