Page 6 - Cyber Warnings - November 2015
still, most of the data in today’s threat feeds is submitted anonymously, so it’s not a named alliance,
but it’s a start.

Some protective technology vendors, such as those that offer antivirus and firewalls, have
developed their own feeds, which they then offer to customers as premium subscription services. While
these can be somewhat effective, they usually work only with that specific vendor’s technology and, as
a result, are limited in how widely they can be leveraged throughout your IT organization. To be most
effective, you should be able to embed such data in other places in the infrastructure, but it’s not
always easy to get the raw data from these feeds to do that. Thankfully, there are also vendor-
agnostic threat feed sources worth exploring. For example, some security information and event
management (SIEM) tools include vendor-agnostic threat feed technology.


Getting and sharing threat information can also be achieved in other ways. For example, the
Internet Storm Center is a great source for information about active attacks. They publish
information about top malicious ports being used by attackers and the IP addresses of attackers.

Simply being better at sharing data across internal teams is another way to stay informed. Less
than half of the IT professionals who responded to a recent SolarWinds survey said their
organizations tightly integrate security and other IT processes, but doing so can help spot attacks or
behaviors that may otherwise be overlooked.

One way to start doing this is by investing in unified tools or dashboards that contain information
about the state of the networks and systems. Often, performance data can be used to spot security
incidents, whether it’s a sudden surge in outbound traffic indicating that someone is exfiltrating data,
or a CPU on a database server spiking because of an attack. The best way to begin
implementing a comprehensive threat management strategy is to include other IT members in “after
action” reports from incident responses. The more members of your team understand how threats
have been discovered previously, the more vigilant they can be in detecting anomalies in their
systems and raising the flag in the future.
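To make the point about performance data concrete, here is an added example (not code from the article or from SolarWinds) that keeps a trailing baseline per host and metric and flags the two situations described above: an outbound-traffic surge from a file server and a CPU spike on a database server. The telemetry, host names and thresholds are constructed for illustration.

```python
"""Flag security-relevant surges in ordinary performance telemetry.

Added example, not from the article or from SolarWinds. Each reading is
(timestamp, host, metric, value); the detector keeps a short trailing
window per (host, metric) and alerts when a new value is far above it.
"""
from statistics import mean, pstdev

# Constructed sample telemetry (one reading per interval, values are
# illustrative): a file server that suddenly pushes far more data out,
# a database server whose CPU jumps, and a web server that stays steady.
SAMPLES = (
    [("t%02d" % i, "fileserver-01", "outbound_bytes", v) for i, v in enumerate(
        [1_200_000, 1_350_000, 1_100_000, 1_300_000, 1_250_000, 1_400_000,
         95_000_000, 98_000_000])]
    + [("t%02d" % i, "db-01", "cpu_pct", v) for i, v in enumerate(
        [22, 25, 21, 28, 24, 26, 97])]
    + [("t%02d" % i, "web-02", "outbound_bytes", v) for i, v in enumerate(
        [800_000, 820_000, 790_000, 810_000, 830_000, 805_000])]
)


def detect_surges(samples, window=6, min_points=4, min_ratio=3.0, zmax=3.0):
    """Return (ts, host, metric, value, baseline) for readings that are both
    min_ratio times the trailing mean and more than zmax standard deviations
    above it. The ratio guard keeps a near-zero std dev from flagging tiny
    wiggles; flagged readings are kept out of the baseline so a sustained
    surge keeps alerting instead of becoming the new normal."""
    history = {}
    alerts = []
    for ts, host, metric, value in samples:
        past = history.setdefault((host, metric), [])
        flagged = False
        if len(past) >= min_points:
            base, sd = mean(past), pstdev(past)
            if value > base * min_ratio and (sd == 0 or (value - base) / sd > zmax):
                alerts.append((ts, host, metric, value, round(base, 1)))
                flagged = True
        if not flagged:
            past.append(value)
            if len(past) > window:
                past.pop(0)
    return alerts


if __name__ == "__main__":
    for alert in detect_surges(SAMPLES):
        print("SURGE %s %s %s=%s (baseline %s)" % alert)
```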

As you can see, there are a number of ways to get better at openly sharing and using valuable
threat- and attack-related information. Now it’s up to each of us to take the next step and get
started. And the sooner the better.



About the Author



Mav Turner is the director of SolarWinds’ security portfolio. He has worked in IT
management for over 14 years, including roles in both network and systems
management prior to joining SolarWinds in 2009.
Copyright © Cyber Defense Magazine, All rights reserved worldwide