Creating And Maintaining A Custom Threat Profile

Published: 22/11/2024   Category: security




Threat intelligence is only useful if it's tailored to your specific organization. Here are some tips on how to customize



[The following is excerpted from Creating and Maintaining a Custom Threat Profile, a new report posted this week on Dark Reading's Threat Intelligence Tech Center.]
Security researchers and vendors are developing a wealth of new data on threats and exploits in the wild. Organizations can tap into this data through the use of threat intelligence feeds, but all too often these feeds are served up in a generic fashion -- identical for all customers, no matter what their industry, size, location or other distinguishing characteristics.
What enterprises need is threat intelligence that is relevant and actionable, which requires not only a prioritization model but also deep knowledge of the systems and data that must be protected in the first place -- and at what cost.
There are numerous sources and types of threat intelligence feeds. Some are internally sourced, while others come from external third parties and are part of a subscription service.
The information available also varies widely based on the vendor providing the service. It may be directly downloadable into a security information and event management (SIEM) product, or it may come in the form of detailed reports that are harder to parse and act on immediately. In any case, the purpose is the same: to provide data that enables a company to make quick and informed decisions about threats against their assets.
It's important to keep in mind that not all threat intelligence feeds are created equal. The average feed will include reputation-based data such as known bad IP addresses, domain names, spam sources and active attackers. That information may be simply a regurgitation of data a vendor received from another source, or a vendor may vet the data to ensure its accuracy before providing it to customers. Clearly, the latter is the preferred model.
And not all intelligence comes in the form of a feed. Detailed threat reports are valuable for learning more about specific attacker groups or types of attacks. These reports come either in a long, detailed document form for investigators or in an executive summary-style format for getting management up to speed on active threats. The detailed versions can include identifiable characteristics for determining whether particular attacker groups have compromised systems, but they need to be read in detail and parsed for information that is actionable.
Another distinguishing factor is the degree to which intelligence data is tailored to the customer. Some intelligence feeds come as a generic set of information that is delivered to all customers, regardless of their size or what industry they are in. Depending on the vendor, there may be options for customizing data based on industry and technologies in use by the customer.
Joe Magee, CTO of threat intelligence services provider Vigilant, explained to Dark Reading that it's often this value-added prefiltering, validation and customization of information that sets vendors apart. Instead of simply providing a data feed, a provider should work closely with customers to determine what intelligence data is important, customize what is delivered and ensure that it's integrated into the customer's security information and event management (SIEM) system, Magee says. The SIEM itself can be on site at the customer's facility and managed remotely, or part of its cloud-based service.
One very big problem that many companies face is that they don't fully understand the threats against their organizations. Creating a threat profile is a key step in understanding what threats a company faces and the potential impact if an attack were to be successful. A threat profile can also help companies prioritize resources in order to successfully defend sensitive data.
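As an added illustration of the prioritization model described above (example code, not from the report or Dark Reading), the following Python scores entries of a generic feed against an organization's own threat profile; the profile, its weights and the sample feed entries are constructed assumptions:

```python
from dataclasses import dataclass, field

# Constructed threat profile for a hypothetical healthcare organization.
# Names, technologies and weights are illustrative assumptions, not from the report.
THREAT_PROFILE = {
    "industry": "healthcare",
    "technologies": {"windows", "citrix", "epic-ehr"},
    # data classes we protect, weighted by the cost of losing them
    "crown_jewels": {"patient records": 10, "billing": 6, "public website": 2},
}

@dataclass
class Indicator:
    value: str
    kind: str                       # "ip", "domain", ...
    vendor_vetted: bool             # validated by the vendor, not merely relayed
    industries: set = field(default_factory=set)    # sectors the campaign targets
    technologies: set = field(default_factory=set)  # products the activity exploits
    targets_asset: str = ""         # which of our data classes it goes after

def score(ind, profile=THREAT_PROFILE):
    """Relevance of one generic feed entry to this organization (0 = ignore)."""
    overlap = ind.technologies & profile["technologies"]
    # Activity that only exploits products we do not run is noise for us.
    if ind.technologies and not overlap:
        return 0
    s = 2 * len(overlap)
    if not ind.industries:
        s += 1                                   # untargeted, still worth a look
    elif profile["industry"] in ind.industries:
        s += 3                                   # aimed at our sector
    s += profile["crown_jewels"].get(ind.targets_asset, 0)
    if ind.vendor_vetted:
        s += 2                                   # vetted data is the preferred model
    return s

def prioritize(feed, profile=THREAT_PROFILE):
    """Return (score, indicator) pairs, most relevant first, dropping irrelevant ones."""
    ranked = [(score(i, profile), i) for i in feed]
    return sorted([r for r in ranked if r[0] > 0], key=lambda r: -r[0])

# Constructed sample feed entries (documentation/reserved address ranges only).
SAMPLE_FEED = [
    Indicator("203.0.113.10", "ip", True, {"healthcare"}, {"citrix"}, "patient records"),
    Indicator("shop-skimmer.example", "domain", False, {"retail"}, {"magento"}, "billing"),
    Indicator("198.51.100.7", "ip", True, set(), {"windows"}),
    Indicator("bulk-spam.example", "domain", False),
    Indicator("198.51.100.99", "ip", True, {"finance"}, set(), "billing"),
]

if __name__ == "__main__":
    for s, ind in prioritize(SAMPLE_FEED):
        print(f"{s:3d}  {ind.kind:6s} {ind.value}")
```

The retail skimmer entry scores zero because it only exploits a product the organization does not run, which is exactly the kind of generic-feed noise a threat profile lets you discard.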
To learn more about how to build a customized threat profile -- and how to use it to prioritize security tasks and measure security risk -- download the free report.
