Intelligence Sharing

Companies can come together to form ISACs (information sharing and analysis centres), which are groups for sharing intelligence. The members are often companies that do the same type of work, such as manufacturing.

IOC/TTP Gathering and Distribution

The security analyst has the job of gathering IOCs and distributing them to different people. This makes sense because they will be doing a similar job anyway.

OSINT vs Paid-for Sources

OSINT

There is a lot of free information that can be collected. However, there is a greater chance that this information could be fake, so a lot of it will need to be confirmed.

  • TweetIOC
  • Spamhaus
  • URLhaus
  • AlienVault Open Threat Exchange
  • Virus Share
  • List of Free Threat Feeds
  • Anomali Weekly Threat Briefing
  • US Cybersecurity and Infrastructure Security Agency – Automated Indicator Sharing
  • SANS Internet Storm Center
  • Talos Intelligence – Free Version

Paid sources are very expensive and not viable for small or medium organisations; however, they generally have better, more reliable information.

  • FireEye
  • Recorded Future
  • CrowdStrike
  • Flashpoint
  • Intel471

Traffic Light Protocol (TLP)

This is a system for working out which information can be shared with other organisations. The entire protocol relies on trust, so it is incredibly important not to breach the intended level of distribution.

White

This information is publicly shared. However, copyright rules still apply.

Green

This information is shared within communities like information sharing and analysis centres (ISACs). It should not be shared outside of the intended communities.

Amber

This information can only be shared internally within the organisation, on a need-to-know basis.

Red

This information is extremely sensitive and could have severe consequences. Information cannot be shared with anyone who is not personally named. It cannot be shared under any circumstance without the author’s permission.
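
The four TLP levels above can be enforced as a gate in front of IOC distribution, so that a marking decides who receives an indicator. The following is an added example, not part of the original notes; the Recipient and Indicator classes, their field names and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Recipient:
    name: str
    organisation: str
    communities: frozenset = frozenset()  # sharing communities (e.g. an ISAC)
    need_to_know: bool = False

@dataclass(frozen=True)
class Indicator:
    value: str
    tlp: str
    holder_org: str = ""            # organisation that holds the indicator
    community: str = ""             # community it was shared in (Green)
    named: frozenset = frozenset()  # people named by the author (Red)

def may_share(ioc, rcpt):
    """Apply the four TLP levels as this page defines them."""
    tlp = ioc.tlp.strip().lower()
    if tlp == "white":   # public
        return True
    if tlp == "green":   # only inside the intended community
        return bool(ioc.community) and ioc.community in rcpt.communities
    if tlp == "amber":   # internal to the organisation, need to know
        return rcpt.organisation == ioc.holder_org and rcpt.need_to_know
    if tlp == "red":     # personally named recipients only
        return rcpt.name in ioc.named
    return False         # unknown or missing marking: fail closed

def distribution_plan(iocs, recipients):
    """Map each recipient name to the indicator values they may receive."""
    return {r.name: [i.value for i in iocs if may_share(i, r)] for r in recipients}

# Constructed sample data (documentation addresses, hypothetical names).
RECIPIENTS = [
    Recipient("alice", "acme", frozenset({"mfg-isac"}), need_to_know=True),
    Recipient("bob", "acme", frozenset({"mfg-isac"})),
    Recipient("carol", "othercorp", frozenset({"mfg-isac"})),
    Recipient("dave", "newsdesk"),
]
IOCS = [
    Indicator("bad.example.com", "white"),
    Indicator("192.0.2.10", "green", community="mfg-isac"),
    Indicator("198.51.100.7", "amber", holder_org="acme"),
    Indicator("c2.example.net", "red", named=frozenset({"alice"})),
    Indicator("203.0.113.5", "purple"),  # invalid marking, never shared
]

if __name__ == "__main__":
    for name, values in distribution_plan(IOCS, RECIPIENTS).items():
        print(f"{name}: {values}")
```

An indicator with a missing or unrecognised marking is withheld from everyone, which keeps a tagging mistake from widening distribution.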