Types of Threat Intelligence Feeds
For IT teams, threat intel feeds are a critical part of the fight against cyber threats. These curated, actionable collections of information help reduce the time it takes security teams to detect and respond to malicious activity. They also increase the accuracy of security alerts, which improves the likelihood that threat intelligence will be successfully acted upon.
There are a number of different types of threat intel feeds, each offering varying levels of quality and accuracy. To get the most value from a threat intelligence feed, it’s important to carefully consider your security goals. Some feeds are targeted to specific types of threats, such as phishing or malware, while others can be used to monitor all types of cyber activity. Regardless of the type of threat intel you need, it’s important to ensure that the feed you choose is compatible with your existing tools and security workflows.
Navigating the World of Threat Intelligence Feeds: A Comprehensive Guide
The most common type of threat intel is machine-readable data formatted according to the STIX/TAXII standards, which provides information about active attacks including malicious URLs, cryptographic hashes, IP addresses and more. It is typically consumed by SIEMs, SOAR platforms, IDS/IPS and EDR tools with response functionality such as blocking, alerting and advisories.
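To make the consumption step concrete, the following added example (not code from this page or from any feed vendor) pulls IP, URL and hash values out of the indicator objects in a STIX 2.1 bundle before they are handed to a blocking or alerting tool. The bundle, its short indicator ids and the function names are constructed for illustration, and only simple equality comparisons in a pattern are handled.

```python
import re
from datetime import datetime, timezone

# Simple equality comparisons inside a STIX pattern, e.g.
# [ipv4-addr:value = '198.51.100.7'] or [file:hashes.'SHA-256' = '...'].
# Other operators (LIKE, MATCHES, !=, ...) are deliberately not matched.
_COMPARISON = re.compile(r"([a-z0-9-]+):([\w.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'")

def _ts(value):
    """Parse a STIX timestamp (RFC 3339 with a 'Z' suffix) as an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def extract_observables(bundle, now):
    """Return (observables, skipped) for the indicators in a STIX 2.1 bundle.

    observables: set of (object_type, property_path, value) valid at `now`.
    skipped: list of (indicator_id, reason), kept for analyst review so that
    nothing is dropped silently.
    """
    observables, skipped = set(), []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        if obj.get("revoked"):
            skipped.append((obj["id"], "revoked"))
        elif "valid_until" in obj and _ts(obj["valid_until"]) <= now:
            skipped.append((obj["id"], "expired"))
        elif obj.get("pattern_type") != "stix":
            skipped.append((obj["id"], "non-stix pattern"))
        else:
            found = _COMPARISON.findall(obj.get("pattern", ""))
            if found:
                observables.update(found)
            else:
                skipped.append((obj["id"], "unparsed pattern"))
    return observables, skipped

# Constructed sample (documentation-range IPs, reserved .test domain, dummy hash).
SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--constructed", "objects": [
    {"type": "indicator", "id": "indicator--a", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7' OR url:value = 'http://malware.example.test/a']",
     "valid_until": "2030-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--b", "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']"},
    {"type": "indicator", "id": "indicator--c", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.9']", "valid_until": "2020-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--d", "pattern_type": "stix",
     "pattern": "[domain-name:value LIKE '%.example.test']"},
]}
```

Checking valid_until and revoked before loading values keeps stale indicators out of block lists, and the skipped list shows which feed entries need a full STIX pattern parser.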
Open source threat intelligence feeds are one of the most popular options for identifying and tracking threats. Popular OSINT feeds include Ransomware Tracker, the Internet Storm Center, VirusTotal and the FBI InfraGard Portal. These feeds are available free of charge, though they may not always be updated regularly. Another option is to subscribe to a threat intelligence consolidator, which can provide a single report with all of the relevant information you need from numerous feeds.