How crowd-sourced threat intelligence can help security teams stay ahead of exploits

This article was originally published on Technology.Info.

Crowdsourcing "is the practice of obtaining needed services, ideas, or content by soliciting contributions from a large group of people, and especially from an online community, rather than from traditional employees or suppliers." (Wikipedia)

While most people think of crowdsourcing in a social context of sharing latest news, gossip and trends, it can also be useful in the information security industry when finding out about the latest malware, malicious IPs, vulnerabilities and exploits. Here's why:

Threats change

Quite simply, cybercrime is profitable, and that means malware will keep increasing and evolving. In the information security industry, threats are dynamic and move very quickly, so there is not a lot of time to solve problems.

No one vendor does it all

No single vendor sees everything. However, when you pool resources across vendors and organisations, such as event logs, firewalls, IPS/IDS and proxies, you start to get a holistic view of what's happening in the threat landscape, and this can significantly improve your security posture.

It makes it easier to prioritise patches

Knowing what is happening to your competitors' and peers' systems can help you focus on business-critical patches. Information about which threat actors are active, where they come from and which attack vectors to check can make a big difference in the time it takes to find and respond to threats.

To avoid feeling like you are always one step behind, there are a number of actions to take to get more involved with sharing threat intelligence:

1) Start by getting good visibility into your own environment. Know the enterprise and the network and how employees use the system. This will help when it comes to prioritising actions based on the information you collect.

2) Use publicly available information, such as Metasploit, commercial pen testing solutions and the CVE database, to know which vulnerability toolkits, malware and exploits are popular.

3) It's not just about taking information, so consider contributing to an open source threat sharing platform such as Open Threat Exchange, which lets you share information about threats in your environment so that others can learn from the threats you detect.

Cyber criminals find their own tools and tricks by sharing information with other cyber criminals and using information found on the internet, so shouldn't you do the same to protect your network?

Jaime Blasco is director of AlienVault Labs.
