From phishing to…
…Fake websites, multi-vector attacks. Well-financed, agile threat actors outside your organization are busy developing detailed, pre-planned attacks that generally go unnoticed by traditional security measures, as most of the attacks are zero-day, meaning they exploit a vulnerability that was discovered on the same day.
Threat Intelligence is essential to monitor your external attack surface, assess emerging risks, and deliver timely, actionable intelligence specific to your organization and your supply chain.
Understanding the threat landscape is really important, as it helps customers make better risk-based decisions. At RiverSafe we generally follow the methodology below.
A few things that are critical in any threat intelligence are...
Enrichment
Enrich your alerts with external threat intelligence, which informs investigations and identifies attacker infrastructure. This helps you prioritize threats and eliminate those that put your business at the greatest risk.
Open Source Threat Intelligence
Generally, open source threat intelligence is derived from data and information that is available to the general public. Use open source intelligence techniques to identify past, present and future attacks by understanding the exposure of your company.
Awareness
Indicators of Compromise (IoCs) are one type of information that can be processed to enrich your different tools and provide them with a lot more context. Tactics, Techniques and Procedures from malicious actors, on the other hand, will help your analysts gain a better understanding of the attack methodology used by threat actors and hunt for them more efficiently.