Cyber threat intelligence is all about gathering information about threats and threat actors that may help mitigate harmful events. Every day new types of malware are being created, and it’s not realistic to expect your security staff to keep track of this information on their own. There are just way too many moving pieces, which is why cyber threat intelligence is important: it helps you focus on what’s most important to you. Companies do this by gathering information on threats that are targeting companies with a similar profile to their own. For example, if you’re a financial institution in North America, there are threat intelligence groups and sources that provide actionable intelligence tailored specifically for financial institutions in North America. This way you can be sure to focus on the threats that are most likely to affect you and make sure you stay protected. To help with this, I’ve compiled a list of the top free cyber threat intelligence sources you can use in 2021:
AlienVault Open Threat Exchange
AlienVault is one of the biggest players when it comes to cybersecurity and has arguably the best free open source intelligence exchange. It allows private companies, security researchers, and government agencies to openly collaborate and share information very easily. It has more than 80,000 participants in 140 countries who share more than 19 million potential threats daily.
Cisco Talos Intelligence
Talos is a program created and managed by Cisco, one of the world leaders when it comes to information technology and security. Their Talos threat intelligence team protects Cisco customers, but they also provide a free version of their services that offers research on threats, vulnerabilities, and emerging dangers.
The Spamhaus Project
This is a European non-profit organization that tracks cyber threats and provides real-time threat intelligence. Spamhaus has developed blocklists for known spammers and malware distributors that they provide to ISPs, email service providers, and organizations.
Department of Homeland Security (DHS): CISA Automated Indicator Sharing
This intelligence sharing service allows private companies to report cyber threat indicators to the DHS, which are then distributed using the automated indicator sharing website. It’s very useful for finding indicators of compromise such as IP addresses, email senders, domains, and more.
This portal is managed by the FBI and provides information to 16 sectors of critical infrastructure. Private and public sector companies can use it to share and find information on different cyber threats. The FBI also shares the information that they gather through this portal.
SANS: Internet Storm Center
The SANS Institute is one of the most well-respected information security training institutes. Their database uses a sensor network that takes in over 20 million intrusion detection log entries per day to generate alerts related to security threats. In addition to raw alerts, it also provides analysis, tools, and forums for security professionals.
Google Alerts is a feature that comes free with Gmail that can be used to create your threat intelligence alerts. It allows you to set up alerts based on keywords or keyword phrases; it looks at all the websites that Google indexes and returns relevant links to you via email. Based on your area, industry, or the news you’re interested in, this makes it easy to stay informed and have the information delivered to you regularly.
You can think of VirusTotal as the Google of cybersecurity. Here you can put files, URLs, or IP addresses into the search bar and it will scan them to see if they have been associated with any type of malicious behavior. VirusTotal doesn’t provide any proactive threat intelligence, but it can be very useful during an investigation for checking suspicious items, and it does leverage community knowledge to make the final decision, so I thought it was worthwhile to include it on this list.
Cyber threat intelligence is all about gathering actionable information that will be useful in making decisions. There are so many cyber threats coming out every day that you can’t expect to pay attention to everything by yourself. It’s important to leverage resources like the ones above so that you can find the most important threats and understand what you need to do to defend against them. Also, when you use these platforms, remember to look for threats that are specific to your type of company so that you can be sure to focus on the threats that your business is most likely to encounter.