Threat Intelligence Starter Resources

August 11, 2016 • Amanda McKeon

Creating a threat intelligence capability can be a challenging undertaking, and not all companies are ready for it. Businesses that run successful threat intelligence teams generally:

  • Collect externally available data on threats and correlate it with internal events.
  • Be aware of threats driving proactive security controls.
  • Establish proactive internal hunting for unidentified threats.
  • Invest in employee and customer threat education.
  • Expand security industry peer relationships.
  • Apply methods for collecting and analyzing external threat data.

For more information, read our white paper on building an advanced threat intelligence team.

Now, if your company is just starting out with threat intelligence and doesn’t have the time or resources to dedicate an entire department to the task, there are some easy ways to begin integrating threat intelligence into your daily routine without breaking the bank.

The following resources can help build awareness of the threat landscape and prepare your company for defense.

Google Alerts

One of the simplest ways to stay informed of potential threats is setting up Google Alerts. These can be especially useful to monitor attacks or vulnerabilities in your industry. To get the most from Google Alerts, be sure to follow Google search best practices like keeping phrases as short as possible, using quotes, leveraging domain extensions, and avoiding synonyms.

Threat Feeds

If you want to become more proactive in collecting data there are a number of open source threat feeds you can use to stay informed of suspicious IP addresses and domains as a starting point for threat research. For example, abuse.ch provides many feeds, including a ZeuS blocklist and ransomware tracker, and dan.me contains a full Tor nodelist that updates every 30 minutes.

Threat Blogs

Being well read is an important habit in life, and doubly so if you’re tasked with defending your company from cyber threats. Here’s a list of some informative blogs that range from general threat intelligence to incident response to geopolitical attacks:

  • CyberWire: Relevant briefings on critical cyber news happening across the globe.
  • OODAloop: Articles and analysis on cyber and geopolitical threats.
  • CTOvision: Context for the CTO, CIO, CISO, and data scientist.
  • FireEye: Insights on today’s advanced threats.
  • CERIAS: Articles from strategic thinkers like Gene Spafford and Sam Liles.
  • Dell SecureWorks: Articles focused on incident response and information security.
  • Palo Alto Networks: Articles and research around cyber crime and vulnerabilities.
  • DomainTools: Content focused on domain data and internet trends.
  • ProtectedBusiness: Tips and techniques for defending your business.
  • Recorded Future: Original threat research and best practices for using threat intelligence.

Threat Reports

While blog posts can keep you informed on daily threat intelligence, sometimes it is necessary to look at an entire quarter or year to get a full view of the threat landscape. The following cyber threat reports can help you get a grasp on lessons learned and best practices going forward:

Threat Tools

While staying aware of the threat landscape is critical to any company’s threat intelligence strategy, there are some tools that can supplement the data without breaking the bank:

  • Maltego: Data-mining tool renders directed graphs for link analysis and finds relationships between pieces of information from various sources online.
  • Shodan: Search engine allows you to find out which of your devices are directly connected to the internet, where they are located, and if they are being used maliciously.
  • TweetDeck: Social media dashboard (free) that many use to increase their audience on Twitter, can also help companies track multiple twitter handles and add additional security.

Did we miss an important threat intelligence resource?
Tweet us at @RecordedFuture and let us know.

Cyber Daily

At this point, you might be thinking that keeping up with all of these feeds, articles, and reports is going to take up your whole day … and you’re probably right. Threat intelligence isn’t an easy-to-consume topic, nor is it something that can be pushed aside.

To help save time, you can subscribe to our Cyber Daily email which delivers similar insights found in the previously mentioned resources directly to your inbox.

We do the hard work for you by automatically collecting and organizing the entire web to identify new vulnerabilities and emerging threat indicators. In the daily email, you’ll receive the top results for trending technical indicators as reported by the web.

These trending indicators can help you more easily prepare a cyber threat brief to present to your company. Executives and stakeholders will want the most up-to-date information on relevant vulnerabilities and threat actors. You can click through the email to get the latest on the following:

  • Trending cyber news
  • Most targeted industries
  • Top threat actors
  • Newest or most popular exploited vulnerabilities
  • Dangerous malware
  • Suspicious IP addresses

Subscribe today and use this information to stay ahead of cyber attacks.

Take It to the Next Level

If your company is already using these resources and is ready to take your cyber security strategy to the next level, Recorded Future provides analysts full context of emerging threats from the open, deep, and dark web — including volatile sources.

Request a personalized demo to see how Recorded Future can help you proactively defend against attackers with real-time threat intelligence.

New call-to-action

Related Posts

How Elite Intelligence Makes MISP More Powerful

How Elite Intelligence Makes MISP More Powerful

July 28, 2020 • The Recorded Future Team

Security analysts are under more pressure than ever As businesses adapt to new realities, the...

How Security Intelligence Improves State and Local Governments’ Strategies

How Security Intelligence Improves State and Local Governments’ Strategies

July 23, 2020 • The Recorded Future Team

State and local security analysts and their teams are drowning in threat data Agency silos make it...

Continued Rise in Ransomware Attacks Against Healthcare Providers

Continued Rise in Ransomware Attacks Against Healthcare Providers

July 16, 2020 • Allan Liska

It seems almost trite to write a report about ransomware attacks against healthcare providers After...