Threat Intelligence Feeds


As cyber attackers evolve their tactics, techniques, and procedures (TTPs), threat intelligence feeds help security teams stay one step ahead. They deliver curated streams of relevant data that can be ingested into existing tools and used to automate detection and response. This reduces the time needed for manual threat hunting and allows security teams to focus their attention on preventing attacks and mitigating risks.

The format of a threat intelligence feed has a direct impact on its effectiveness. The most valuable sources of threat intelligence offer contextual analysis, which streamlines both incident response and strategic planning. Ideally, a feed gives a clear understanding of how the information originated and what it represents, such as whether it is an indicator of compromise (IOC), a malicious IP address, or a list of suspicious domain names and hashes.

Top Threat Intelligence Feeds to Strengthen Your Cybersecurity

There are several types of threat intelligence feeds available, ranging from open-source to commercial. For example, the FBI’s InfraGard service is a trusted source of information that delivers an automated list of IOCs filtered by industry. It also provides lists of CDNs and URLs that have been spotted by attackers and offers a threat API that can be integrated with a variety of tools.

Another popular source is AlienVault’s Crowd-Sourced Open Threat Exchange, a threat intelligence platform that provides access to more than 20 million indicators of compromise daily. However, the quality of these feeds depends on how quickly the data is updated and how much context is offered. Often, a malicious IOC is listed without any additional details such as attribution or a timestamp.
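
The points above about feed format, freshness, and missing context can be checked at ingestion time. The following is an added example, not code from any feed provider: the field names (`indicator`, `last_seen`, `attribution`), the 30-day freshness window, and the sample entries are all assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

def classify(value):
    """Return the indicator type: ip, md5/sha1/sha256, domain, or unknown."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)]
    return "domain" if DOMAIN_RE.match(value) else "unknown"

def triage(entry, now, max_age=timedelta(days=30)):
    """Label one entry by indicator type and by the context it carries."""
    kind = classify(entry.get("indicator", ""))
    if kind == "unknown":
        return kind, "reject"
    try:
        seen = datetime.fromisoformat(entry.get("last_seen") or "")
    except (ValueError, TypeError):
        return kind, "no-timestamp"        # age cannot be judged
    if seen.tzinfo is None:                # assumption: naive times are UTC
        seen = seen.replace(tzinfo=timezone.utc)
    if now - seen > max_age:
        return kind, "stale"
    if not entry.get("attribution"):
        return kind, "no-attribution"      # fresh, but nothing to pivot on
    return kind, "actionable"

# Constructed sample feed (documentation addresses and example domains only).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_FEED = [
    {"indicator": "203.0.113.7", "last_seen": "2024-05-28T10:00:00+00:00",
     "attribution": "constructed-campaign-a"},
    {"indicator": "bad.example.com", "last_seen": "2023-01-15T00:00:00+00:00",
     "attribution": "constructed-campaign-b"},
    {"indicator": "a" * 64},
    {"indicator": "login.example.net", "last_seen": "2024-05-30T08:30:00+00:00"},
    {"indicator": "not an indicator"},
]

def triage_feed(feed, now=NOW):
    return [triage(entry, now) for entry in feed]
```

Only entries labelled `actionable` would be candidates for automated blocking or alerting; the other labels show which context a feed is failing to supply.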