One of the tools that helps identify and combat information security threats to your company is “threat intelligence.” Some companies are building their own threat intelligence plans, and some are buying services from providers offering threat intelligence services. Threat intelligence is information that has been analyzed to discover informative insights: high-quality information that will help your company make decisions. It is like an early warning system that will help your company prioritize vulnerabilities, predict threats, and prevent the next attack on your systems.
Threat information can come from different sources:
1. Internal sources such as information coming from internal employees, organizational behaviors and activities
2. External sources such as government agencies, websites, blogs, tweets, and news feeds
3. Logs from network equipment, from your own network as well as from Internet Service Providers and telecoms
4. Logs from security equipment (firewalls, IPS, etc.), servers, and applications
5. Managed security providers that aggregate data and crowd-source information
The challenge of threat intelligence is how to put together the pieces that have been gathered from these different sources. A tool that is able to digest all this data (Hadoop and MapReduce tools for Big Data come to mind) is necessary to produce meaningful information. Security data analysts are also key in producing actionable threat intelligence from this wide variety of data.
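To make "putting the pieces together" concrete, here is an added example (not from the original article) that joins three of the source types listed above: an external indicator feed, firewall logs, and internal asset information. All data is constructed using documentation IP ranges, and the field names, log layout, and scoring formula are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed external feed: indicator -> (category, confidence 0-100).
FEED = {"203.0.113.45": ("c2", 90), "198.51.100.7": ("scanner", 40)}
# Constructed internal asset inventory: host -> business criticality 1-5.
ASSETS = {"10.0.0.5": 5, "10.0.0.23": 2}
FIREWALL_LOG = """\
2024-05-01T10:00:01Z ALLOW src=10.0.0.5 dst=203.0.113.45 dport=443
2024-05-01T10:00:02Z DENY src=198.51.100.7 dst=10.0.0.23 dport=22
2024-05-01T10:00:09Z ALLOW src=10.0.0.23 dst=192.0.2.10 dport=80
2024-05-01T10:01:30Z ALLOW src=10.0.0.5 dst=203.0.113.45 dport=443
malformed line without fields
"""

def parse_line(line):
    """Return (action, src, dst), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) < 4:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    try:
        src = str(ipaddress.ip_address(fields["src"]))
        dst = str(ipaddress.ip_address(fields["dst"]))
    except (KeyError, ValueError):
        return None
    return parts[1], src, dst

def correlate(log_text, feed, assets):
    """Join log events with feed indicators and asset data; rank by score."""
    hits = defaultdict(lambda: {"count": 0, "allowed": False})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue  # skip unparseable lines instead of failing the whole run
        action, src, dst = parsed
        for indicator, host in ((dst, src), (src, dst)):
            if indicator in feed and host in assets:
                h = hits[(host, indicator)]
                h["count"] += 1
                h["allowed"] |= action == "ALLOW"
    findings = []
    for (host, indicator), h in hits.items():
        category, confidence = feed[indicator]
        # Assumed scoring: feed confidence x asset criticality, doubled if traffic passed.
        score = confidence * assets[host] * (2 if h["allowed"] else 1)
        findings.append({"host": host, "indicator": indicator,
                         "category": category, "events": h["count"], "score": score})
    return sorted(findings, key=lambda f: f["score"], reverse=True)
```

Run on the sample data, the allowed traffic from the high-criticality host to the high-confidence indicator ranks first, ahead of the blocked inbound scan, which is the kind of prioritization no single source provides by itself.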