Saturday, February 13, 2021

Free Threat Intelligence Platforms and Feeds


Threat intelligence plays an important role in today's cybersecurity defenses. Cyberattacks not only damage an organization's reputation; recovering in their aftermath can also cost millions of dollars.

Therefore, it is crucial to gain threat intelligence and prepare for an attack before a threat becomes an incident. This is especially important for professionals working in various areas of cybersecurity, particularly those in a Security Operations Center (SOC) who work with tools like SIEMs, and those on incident response teams.

See my blog post below for what Cyber Threat Intelligence (CTI) is and a list of vendors.
Cyber Threat Intelligence (CTI) Vendors

As you can see in the above blog post, there are many vendors in the market. Here, however, I list threat intelligence sources that you can use for free.


▶ SANS Internet Storm Center (ISC)

https://isc.sans.edu/

Today the Internet Storm Center (ISC) gathers millions of intrusion detection log entries every day, from sensors covering over 500,000 IP addresses in over 50 countries. It is rapidly expanding in a quest to do a better job of finding new storms faster, identifying the sites that are used for attacks, and providing authoritative data on the types of attacks that are being mounted against computers in various industries and regions around the globe.


▶ IBM X-Force Exchange

https://exchange.xforce.ibmcloud.com/

The X-Force Exchange (XFE) is a free SaaS product that you can use to search for threat intelligence information, collect your findings, and share your insights with other members of the XFE community.


▶ FireEye Threat Intelligence - Mandiant's Advantage

https://advantage.mandiant.com/

Mandiant's Advantage is a SaaS-based Threat Intelligence platform designed for security response teams. See this post for more details.


▶ Cisco Talos

https://talosintelligence.com/

Cisco Talos is the threat intelligence organization at the center of the Cisco Security portfolio. The Talos threat intelligence team protects Cisco customers, but a free version of their service is available.



▶ RiskIQ

https://talosintelligence.com/

RiskIQ’s security intelligence platform adds context and insights by automating data assembly from IPs, domains, services, ports, hashes, components, and code across the enterprise and third parties.


▶ OPSWAT MetaDefender Cloud

https://metadefender.opswat.com/

The OPSWAT Threat Intelligence Feed is an enterprise security product designed to deliver real-time threat knowledge to organizations, easily integrating inside existing infrastructure to provide better protection against sophisticated attacks.


▶ Google VirusTotal

https://www.virustotal.com/

VirusTotal is an online service that analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners. It provides an API that allows users to access the information generated by VirusTotal.

Google acquired VirusTotal in September 2012, and the company's ownership switched in January 2018 to Chronicle, a subsidiary of Alphabet Inc.


▶ Google Safe Browsing

https://safebrowsing.google.com/

Google Safe Browsing helps protect over four billion devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing also notifies webmasters when their websites are compromised by malicious actors and helps them diagnose and resolve the problem so that their visitors stay safer.


▶ Recorded Future


Recorded Future Express is a free browser extension that delivers real-time intelligence via risk scores and context on IP addresses, domains, hashes, URLs, and CVEs.
With Recorded Future Express, you can instantly:
• Prioritize SIEM alerts
• Detect and prevent phishing 
• Enrich IOCs anywhere
• Jumpstart your investigations

※ NOTE: In my experience, web page response is slow on ServiceNow with this extension.


There are many other free and open-source threat intelligence feeds and projects out there. Please check out the reference links below.


* Reference links:
A curated list of Awesome Threat Intelligence resources
10 of the Best Open Source Threat Intelligence Feeds
A List of the Best Open Source Threat Intelligence Feeds
The Top 61 Threat Intelligence Open Source Projects

