Page 81 - Cyber Defense eMagazine July 2024

Bringing Internal and External Threat Intelligence Together

Use Internal Data for Baseline Security

Internal threat intelligence should be the foundation of your organization's security strategy. This means that the data from your own networks and systems must always be analyzed and processed to continuously improve your security measures.

Leverage External Data for Threat Anticipation

External threat intelligence can be used to anticipate and prepare for threats that have not yet directly impacted your organization. Regularly review external intelligence for information about new and emerging threats, and use this information to update your security measures and train your employees.

Combine Both for Incident Response

In the event of a security incident, both internal and external threat intelligence can be valuable. Internal data can help you understand the nature and scope of the incident, while external data can provide context and insights about the threat actor and their tactics.

Threat Intelligence Portal from ANY.RUN

One example of external threat intelligence is ANY.RUN’s suite of threat intelligence (TI) products, which includes Feeds and Lookup.

The services give users access to refined data extracted from the ANY.RUN sandbox’s public database of threat samples, uploaded by its global community of over 400,000 cybersecurity experts. The result is an extensive repository of up-to-date information on the latest attacks around the world.

Threat Intelligence Feeds supply a continuously updated stream of fresh indicators of compromise directly into SIEM and TIP systems in STIX format. A demo sample of the feeds can be integrated and used completely free of charge.
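As an added illustration of the feed-to-SIEM flow just described and of the "Combine Both for Incident Response" advice above, the following Python (not ANY.RUN's code and not part of the original article) parses a constructed STIX 2.1 bundle of indicators and matches the extracted IOCs against constructed internal log events to enrich them with external context. All indicator values, IDs and names are placeholders, and only single-comparison STIX patterns are handled.

```python
import json
import re
# Constructed external feed: a minimal STIX 2.1 bundle (three indicators, one malware object); all values are placeholders.
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
  "objects": [
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000001",
     "spec_version": "2.1", "pattern_type": "stix", "name": "placeholder C2 address",
     "pattern": "[ipv4-addr:value = '203.0.113.10']"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
     "spec_version": "2.1", "pattern_type": "stix", "name": "placeholder phishing domain",
     "pattern": "[domain-name:value = 'Bad.Example']"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
     "spec_version": "2.1", "pattern_type": "stix", "name": "placeholder loader hash",
     "pattern": "[file:hashes.'SHA-256' = '" + "a" * 64 + "']"},
    {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000004",
     "spec_version": "2.1", "name": "placeholder family", "is_family": True},
]})

# Matches single-comparison STIX patterns such as [ipv4-addr:value = '...'].
PATTERN_RE = re.compile(r"\[(?P<obj>[\w-]+):(?P<prop>[\w.'-]+)\s*=\s*'(?P<val>[^']+)'\]")

def extract_iocs(bundle_json):
    """Return {ioc_value: (stix_object_type, indicator_name)} from a STIX bundle."""
    iocs = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = PATTERN_RE.fullmatch(obj["pattern"].strip())
        if m is None:  # compound patterns (AND/OR/FOLLOWEDBY) need a full STIX pattern parser
            continue
        iocs[m["val"].lower()] = (m["obj"], obj.get("name", ""))
    return iocs

# Constructed internal baseline data: key=value proxy/DNS events from our own network.
INTERNAL_LOGS = [
    "2024-06-03T10:01:02Z\tsrc=10.0.0.5\tdst=203.0.113.10\tdomain=-",
    "2024-06-03T10:05:09Z\tsrc=10.0.0.8\tdst=198.51.100.7\tdomain=bad.example",
    "2024-06-03T10:07:33Z\tsrc=10.0.0.5\tdst=192.0.2.44\tdomain=intranet.corp",
]

def match_logs(log_lines, iocs):
    """Enrich internal events with external context: (timestamp, src, matched value, indicator name)."""
    hits = []
    for line in log_lines:
        ts, *fields = line.split("\t")
        kv = dict(f.split("=", 1) for f in fields)
        for val in (kv.get("dst", ""), kv.get("domain", "")):
            if val.lower() in iocs:
                hits.append((ts, kv.get("src"), val, iocs[val.lower()][1]))
    return hits
```

Each hit pairs an internal event (scope: which host, when) with the external indicator name (context: what the feed says the artifact is), which is the combination the incident-response section recommends.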

Threat Intelligence Lookup provides users with a platform for threat investigations with a built-in search engine. Analysts can use it to search ANY.RUN’s extensive database of threat data and enrich both their indicators and their understanding of the threats they encounter.

By submitting artifacts such as file hashes, domains, IP addresses, TTPs, ports and registry keys (over 30 artifact types in total), users can retrieve the context of those artifacts in the form of related IOCs, as well as the ANY.RUN sandbox sessions in which they were detected.

The service also supports combined searches, making it possible to submit a query featuring several artifacts at the same time for more refined results.

Consider the example below, where we submit a search query for a certain IP.

            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.