ISACA Journal Author Blog

First Steps for Automating Your IOC Provision Sources

Ofir Eitan, CISM, and Aviv Srour
Published: 3/8/2018 3:03 PM | Category: Security

The first step is always the hardest. If your organization lacks adequate cybersecurity intelligence processes and you are looking for a quick-win solution, we are here to assist. We have compiled a complementary list of cyberthreat intelligence sources that yield positive results, drawn from some of the most notable cybersecurity companies available on the Internet.

The first step is to automate the data mining process from these websites. We therefore highly recommend that organizations invest in programming a crawling process in Python or, where one is available, set up a communication line between your database and the source through an application programming interface (API). Furthermore, we advise you to contact your chosen sources, whether a security company or an indicators of compromise (IOC) provider, for additional information regarding their services and the best methods to consume them.

If you wish to take it to the next level, you can always set up an automated management platform by downloading software or subscribing to a service. To this end, we recommend downloading the open-source platform MISP from GitHub, which can help manage your IOC aggregation process. If there are operational constraints, such as a shortage of IT maintenance resources or legal restrictions, you should consider acquiring an IOC management platform or purchasing a full-service package from a cyberintelligence provider. Figure 1 lists some cyberintelligence sources, with links to help you learn more about them.
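The two paragraphs above describe a pipeline: crawl a source, pull the indicators out of what it publishes, and hand them to an aggregation platform such as MISP. The script below is an added example of that pipeline and is not code from the article, its authors, or the MISP project. It parses a blog's RSS feed, refangs the "hxxp" and "[.]" notation threat-research posts commonly use, extracts hashes, URLs, hostnames and IPv4 addresses, discards addresses in non-routable ranges, and shapes the result as a simplified MISP event. The feed content, hostnames and addresses are constructed (reserved example and documentation ranges); the attribute types and categories are real MISP values, but the event envelope is a stripped-down reading of MISP's JSON and should be treated as an assumption.

```python
"""Added example, not the article's code: crawl a threat-research feed,
extract indicators, and shape them for import into an aggregation platform
such as MISP. The feed below is constructed for the demo."""
import ipaddress
import json
import re
import urllib.request
import xml.etree.ElementTree as ET
from datetime import date
from urllib.parse import urlparse

# Constructed RSS feed standing in for one of the blogs listed in Figure 1.
# Hashes are the well-known digests of "test" (SHA-256) and "" (MD5);
# hosts use reserved example/documentation ranges.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example Threat Research (constructed)</title>
<item>
  <title>Loader campaign analysis</title>
  <description><![CDATA[
    The loader beacons to hxxp://update[.]c2-example[.]invalid/check
    and to 198[.]51[.]100[.]23 on port 443.
    Dropper SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
    Second stage MD5: D41D8CD98F00B204E9800998ECF8427E
  ]]></description>
</item>
<item>
  <title>Lab write-up</title>
  <description>Test host 10.0.0.1 ran build 2.0 of the tool.</description>
</item>
</channel></rss>"""

# Patterns keyed by MISP attribute type. Word boundaries keep a 32-hex MD5
# from matching inside a 64-hex SHA-256.
PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
    "sha1": re.compile(r"\b[0-9a-fA-F]{40}\b"),
    "md5": re.compile(r"\b[0-9a-fA-F]{32}\b"),
    "url": re.compile(r"\bhttps?://[^\s<>\"']+"),
    "ip-dst": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

# Address ranges that should never become blocking indicators (lab hosts,
# loopback, RFC 1918 space, multicast). Documentation ranges are kept so the
# constructed sample still produces an ip-dst attribute.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

# Real MISP categories for each attribute type used here.
CATEGORY = {"sha256": "Payload delivery", "sha1": "Payload delivery",
            "md5": "Payload delivery", "url": "Network activity",
            "domain": "Network activity", "ip-dst": "Network activity"}


def fetch_feed(url, timeout=10):
    """Download a feed over HTTP(S); the offline demo uses SAMPLE_FEED instead."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def refang(text):
    """Undo the defanging blogs apply so that indicators parse normally."""
    return (text.replace("hxxp", "http").replace("[.]", ".")
                .replace("(.)", ".").replace("[:]", ":"))


def routable(ip):
    """True if the address is outside every NON_ROUTABLE range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in NON_ROUTABLE)


def extract_indicators(text):
    """Return a set of (misp_type, value) pairs found in one post body."""
    text = refang(text)
    found = set()
    for kind, pat in PATTERNS.items():
        for value in pat.findall(text):
            if kind == "ip-dst" and not routable(value):
                continue
            if kind in ("sha256", "sha1", "md5"):
                value = value.lower()  # normalise hash case for deduplication
            found.add((kind, value))
            if kind == "url":  # a URL also yields its hostname as a domain
                host = urlparse(value).hostname
                if host:
                    found.add(("domain", host))
    return found


def parse_feed(raw):
    """Yield (title, body) for each RSS item."""
    root = ET.fromstring(raw)
    for item in root.iter("item"):
        yield item.findtext("title", default=""), item.findtext("description", default="")


def to_misp_event(raw, info, when=None):
    """Build a simplified MISP-style event (assumed shape) from a raw feed."""
    attrs = []
    for title, body in parse_feed(raw):
        for kind, value in sorted(extract_indicators(body)):
            attrs.append({"type": kind, "category": CATEGORY[kind],
                          "value": value, "to_ids": True, "comment": title})
    return {"Event": {"info": info, "date": str(when or date.today()),
                      "analysis": 0, "threat_level_id": 4, "distribution": 0,
                      "Attribute": attrs}}


if __name__ == "__main__":
    print(json.dumps(to_misp_event(SAMPLE_FEED, "constructed feed"), indent=2))
```

Run as a script it prints the event built from the constructed feed; swap `SAMPLE_FEED` for `fetch_feed(url)` to point it at a real source. Each real feed needs its own tuning (which fields carry the indicators, which of the source's own hostnames to ignore), and `to_ids` is set unconditionally here only for illustration: indicators scraped from prose deserve analyst review before they drive automated blocking.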

Figure 1: Cyberintelligence Sources

Source             Relevant Link
FireEye            https://www.fireeye.com/blog/threat-research.html
RSA Labs           https://www.rsa.com/en-us/blog/blog-rsa-research-innovation
                   https://www.rsa.com/en-us/products/threat-detection-and-response
Kaspersky          https://blog.kaspersky.com/category/malware/
                   https://blog.kaspersky.com/category/tips/
Check Point        http://blog.checkpoint.com/category/threat_research/
CrowdStrike        https://www.crowdstrike.com/blog/category/threat-intel-research/
Securelist         https://securelist.com/all/?category=25
                   https://securelist.com/all/?category=22
                   https://securelist.com/all/?category=24
Microsoft Secure   https://blogs.microsoft.com/microsoftsecure/category/cybersecurity/security-intelligence/
Symantec           www.symantec.com/connect/symantec-blogs/symantec-security-response
Trend Micro        http://blog.trendmicro.com/trendlabs-security-intelligence/
Team Cymru         https://blog.team-cymru.org/
F-Secure           https://www.f-secure.com/en/web/labs_global/threat-descriptions
Seculert Blog      www.seculert.com/blogs
Cisco              https://blogs.cisco.com/tag/ioc
IBM                https://securityintelligence.com/category/x-force/
Cylance            https://blog.cylance.com/
Carbon Black       https://www.carbonblack.com/blog/
US-CERT            https://www.us-cert.gov/

The names of the companies presented in this article are solely the suggestions of the authors and are not backed by any financial, material or other motive. It should be emphasized that any recommendation regarding the cyberintelligence services mentioned in this publication does not replace an orderly procurement process.

Read Ofir Eitan's recent Journal article:
"The Missing Link in Assessing Cyberrisk Factors Through Supply Chains," ISACA Journal, volume 2, 2018.
