8 Low or No-Cost Sources of Threat Intelligence
Here’s a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt01e3741c55295d8a/64f0da51aa8ec50a0d981c84/Slide-1-CoverArt.jpg?width=700&auto=webp&quality=80&disable=upscale)
Organizations know they need to get serious about threat intelligence, but it’s not always clear where to find credible information. While just about every security industry vendor website offers up information on the latest threats, some are better than others. Here, we 'll point out the sites that are the most informative and useful.
We called on Roselle Safran, president of Rosint Labs, to work with us to build a meaningful list. Safran's extensive experience in cybersecurity includes several years of service in the Executive Office of the President and Department of Homeland Security during the Obama administration.
Safran included some obvious choices from federal government sources, but she also struts her cybergeek sruff by offering up some lesser-known sites that track ransomware and malware. We combined forces with Safran to develop a list that will give novices the threat intelligence amuse-bouche they need while supplying some intel red meat for experienced security pros.
Go through the list. You’ll find that there are many more than eight sites to choose from:
While the National Council of ISACs was formed in 2003, the ISAC concept was first introduced in 1998, almost 20 years ago. Today, there are 24 ISACs. Some of them, like the financial services ISAC (FS-ISAC), are expensive to join. But many of them offer low or no-cost threat intelligence. The basic idea is for each critical infrastructure sector to have its own organization that monitors and ferrets out threat information specific to that industry vertical. Most ISACs have 24x7 threat warning and incident reporting capabilities, and many also set the threat level for their sectors. Follow this link to look up the ISAC that applies to your industry.
Managed by @abuse.ch, Ransomware Tracker is a Swiss security site that focuses on tracking and monitoring the status of domain names, IP addresses, and URLs that are associated with ransomware. This includes botnet command-and-control servers, distribution sites, and payment sites. According to the Ransomware Tracker website, by using data provided by the site, hosting, and ISPs, as well as national CERTs, law enforcement agencies and security researchers can receive an overview on infrastructure exploited by ransomware and whether these are actively being used by bad threat actors to commit fraud. The site also offers guidelines for mitigating ransomware as well as blocklists for stopping ransomware at the network edge.
Founded in 1998, The Spamhaus Project is an international non-profit based in Geneva and London that tracks spam and related cyber threats such as phishing, malware, and botnets. While it is best-known for publishing DNS-based blocklists, according to its website, Spamhaus produces special data for use with Internet firewall and routing equipment, such as the Spamhaus DROP lists, botnet C&C data, and the Spamhaus Response Policy Zone data for DNS resolvers, a tool that helps prevent millions of internet users from clicking on malicious links in phishing and malware emails.
The Internet Storm Center was founded in 2001 following the collaboration that took place in the security community following the Li0n worm. Today, the ISC gathers millions of intrusion detection log entries every day, from sensors covering more than 500,000 IP addresses in more than 50 countries. The ISC is a free service supported by the SANS Institute from tuition paid by students attending SANS security education programs. The site offers numerous links to tools, educational podcasts, forums, and a job board for security professionals.
The Verizon 2017 Data Breach Investigations Report found that 51 percent of data breaches analyzed involved malware. Here are links to free sites that offer analysis of the leading malware infecting networks: virustotal.com, malwr.com and VirusShare.com.
Organizations know they need to get serious about threat intelligence, but it’s not always clear where to find credible information. While just about every security industry vendor website offers up information on the latest threats, some are better than others. Here, we 'll point out the sites that are the most informative and useful.
We called on Roselle Safran, president of Rosint Labs, to work with us to build a meaningful list. Safran's extensive experience in cybersecurity includes several years of service in the Executive Office of the President and Department of Homeland Security during the Obama administration.
Safran included some obvious choices from federal government sources, but she also struts her cybergeek sruff by offering up some lesser-known sites that track ransomware and malware. We combined forces with Safran to develop a list that will give novices the threat intelligence amuse-bouche they need while supplying some intel red meat for experienced security pros.
Go through the list. You’ll find that there are many more than eight sites to choose from:
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024