Open Source Intelligence (or OSINT) tools
OSINT tools collect and distribute threat information available in the public domain. Analysts use OSINT tools to investigate a threat by collecting information about the possible target, thereby helping the analyst gain a fuller picture of the threat and its potential severity.
An integral part of the cyber defense ecosystem, ISACs collect, analyze, and share actionable threat information to their members. ISACs are grouped by sectors such as electricity, financial services, and healthcare to mitigate cyber risks and enhance the resilience of the nation’s critical infrastructure. Committed to information sharing, ISACs emerged 20 years ago to answer the U.S. government’s call to action for public-private partnerships to defend against cyber threats.
Threat intelligence feeds
Open source threat intelligence feeds are intended to help Security Operations Center teams work more effectively in response to identified threats. Some of these feeds include the U.S. Department of Homeland Security’s Automated Indicator Sharing feed, the SANS Internet Storm Center, and The Spamhaus Project.
Threat intelligence platforms (TIPs)
Threat intelligence platforms and products serve up evidence-based information around knowing threats, including indicators of compromise (IoCs), implications, and advice for threat mitigation (or threat response). SOC analysts leverage threat intelligence, often via feeds, to inform how they take action when threats are detected.
A security information event manager (SIEM) combines security event management (SEM) and security information management (SIM) technologies. SIEM tools allow SOC analysts to review network logs and event data (such as alerts from IronDefense as integrated in the SIEM), in turn reporting on that log data. ATT Cybersecurity reports that 76 percent of cybersecurity professionals reported the use of SIEM tools led to reduced security breaches.
In-house threat intelligence analysts, such as those in IronNet’s Cyber Operations Center, conduct extensive research, compiling the latest data from many trusted sources, such as AlienVault OTX and Abuse.ch. Analysts vet the information and rank it based on source, age, and confidence to reduce false-positives. The analysts follow a stringent testing process to verify the threats based on human analysis and automated scripts.