Welcome to Threat Intelligence Platforms, brought to you by IBM. In this video, you will learn to describe various threat intelligence platforms and resources. A threat intelligence platform is defined as an emerging technology discipline that helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. Threat intelligence platforms are made up of several primary feature areas that allow organizations to implement an intelligence-driven security approach. These stages are supported by automated workflows that streamline the threat detection, management, analysis, and defensive process and track it through to completion. Collect. A threat intelligence platform collects and aggregates multiple data formats from multiple sources, including CSV, STIX, XML, email, and various other feeds. In this way a threat intelligence platform differs from a SIEM platform. While SIEMs can handle multiple threat intelligence feeds, they are less well suited for ad hoc importing or for analyzing unstructured formats that are regularly required for analysis. The effectiveness of the threat intelligence platform will be heavily influenced by the quality, depth, breadth, and timeliness of the sources selected. Most threat intelligence platforms provide integration with the major commercial and open source intelligence sources. Correlate. The threat intelligence platform allows organizations to begin to automatically analyze, correlate, and pivot on data so that actionable intelligence into the who, why, and how of an attack can be gained and blocking measures introduced. Automation of the processing of these feeds is critical. Enrichment and Contextualization. To build enriched context around threats, a threat intelligence platform must be able to automatically augment, or allow threat intelligence analysts to use third-party threat analysis applications to augment, threat data.
This enables the SOC and incident response team to have as much data as possible regarding a certain threat actor, his capabilities, and his infrastructure to properly act on the threat. Analyze. The threat intelligence platform automatically analyzes the content of threat indicators and the relationships between them to enable the production of usable, relevant, and timely threat intelligence from the data collected. This analysis enables the identification of threat actors' tactics, techniques, and procedures, or TTPs. In addition, visualization capabilities help depict complex relationships and allow users to pivot to reveal greater detail and subtle relationships. We will take a look at a few frameworks in the next video. Integrate. Integrations are a key requirement of a threat intelligence platform. Data from the platform needs to find a way back into the security tools and products used by an organization. Full-featured threat intelligence platforms enable the flow of information collected and analyzed from feeds and disseminate and integrate the clean data to other network tools, including SIEMs, internal ticketing systems, firewalls, intrusion detection systems, and more. Act. A mature threat intelligence platform deployment also handles response processing. Built-in workflows and processes accelerate collaboration within the security team and wider communities, like information sharing and analysis organizations, so that the teams can take control of course of action development, mitigation planning, and execution. This level of community participation can't be achieved without a sophisticated threat intelligence platform. Powerful threat intelligence platforms enable these communities to create tools and applications that can be used to continue to change the game for security professionals. We will review a few of the many threat intelligence platforms on the market today. Most threat intelligence platforms will have a free and a fee offering.
You and your organization will need to review the level of access needed as well as the budget you have available for your specific needs. One threat intelligence platform is from Recorded Future. Some of the features of that platform include centralizing and contextualizing all sources of threat data. You can add your proprietary data and feeds, whether it's data from industry bodies, security vendors, internal risk lists, or independent research, to the largest publicly available collection of data, second only to the government's. Their technology uses natural language processing and machine learning to structure the collected data and make connections to deliver rich intelligence and help you investigate faster. Another feature is to Collaborate on Analysis from a Single Source of Truth. Centralized intelligence improves the efficiency of your team by collaborating on analysis directly in Recorded Future. Work together on investigations and research, then export the analysis into an easy-to-share report. Finally, they also customize intelligence to increase relevance. You can tailor threat intelligence to specific use cases before integrating with third-party solutions. Customized intelligence delivers more high-fidelity alerting, empowering teams to focus on what is most important. Another threat intelligence platform is from FireEye. They have several subscriptions that are available to you and your organization. Choose the level and depth of intelligence, integration, and enablement your security program needs. Fusion Intelligence is a comprehensive package that includes operational, cyber crime, and cyber espionage intelligence offerings, which you can use to understand a full attack life cycle to prepare your defense against the TTPs of the threat actors of interest.
Strategic Intelligence: learn how to align your security resources against the most likely threats and actors and manage your business and technical risks around major business decisions and security resource planning. Operational Intelligence allows you to prioritize and add context to your alerts in order to respond more effectively and efficiently, and improves defenses with high-fidelity, machine-readable indicators of compromise with associated contextual information. Vulnerability Intelligence provides the vulnerabilities that pose the most significant threats to the organization and understands the options for patching or otherwise mitigating these vulnerabilities. Cyber Physical Intelligence includes actionable insights into cyber threats and risks facing industrial environments and operational technology, and includes all FireEye Operational Technology and Industrial Control Systems focused intelligence. Cyber Crime Intelligence helps you understand the threat actors who focus on financial crime: who they target, how they attack, and what motivates them. You gain analysis of fraud activity, credential collection, underground marketplaces, and enabling infrastructure. Finally, Cyber Espionage Intelligence, which facilitates the understanding of adversaries that target corporate and government entities for strategic advantage. It leverages insight into the tactics, techniques, and procedures, or TTPs, of tracked threat actor groups to better defend your organization. IBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats, aggregate actionable intelligence, and collaborate with peers. We quickly research and share information about threats by exploiting the depth and breadth of IBM X-Force research. You can integrate with other solutions.
It allows you to programmatically access information using STIX and TAXII standards as well as through a RESTful API and JSON format. And it incorporates intelligence with security operations and near real-time decision making. Finally, TruSTAR. TruSTAR is an intelligence management platform that helps you operationalize data across tools and teams, helping you prioritize investigations and accelerate incident response. Some of its features include streamlined workflow integrations, where industry-leading integration partners connect with TruSTAR to enrich analyst investigations, connecting internal and external data sources. Analysts can work in an app or native to TruSTAR, depending on workflow needs. They also have secure access control via TruSTAR enclaves, which help you manage your intelligence according to team or use case. Each enclave provides secure role-based access to specific intel sources, when, where, and how you need it. There's also an advanced search feature: better results equal more informed decisions. TruSTAR provides advanced filtering options to search across IOCs and reports, giving you rapid access to the intel you need. And finally, they have Automated Data Ingest and Normalization. No matter how you get your intelligence, TruSTAR will help you operationalize it with minimal lift. Their automatic ingest, extraction, and normalization of unstructured data helps you correlate intel sources quickly and easily. These are just a few of the threat intelligence platforms you may come across as a cyber security analyst.
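
The Collect and Correlate stages described in the video, as an added example that is not part of the original transcript or any vendor's code: it ingests a CSV feed, a trimmed STIX-style bundle and an unstructured email body, normalizes the indicators, and keeps those reported by at least two sources. All feed contents, function names and the two-source threshold are assumptions constructed for illustration.

```python
import csv, io, json, re
from collections import defaultdict

# Constructed sample feeds (documentation-range IPs, example domains only).
CSV_FEED = "indicator,type\n203.0.113.7,ipv4\nbad.example.net,domain\n"
STIX_BUNDLE = json.dumps({"type": "bundle", "objects": [  # trimmed: only fields used here
    {"type": "indicator", "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"type": "indicator", "pattern": "[domain-name:value = 'BAD.example.net']"},
    {"type": "indicator", "pattern": "[ipv4-addr:value = '198.51.100.9']"},
]})
EMAIL_BODY = "Analyst note: beaconing to 203.0.113.7 and hxxp://bad[.]example[.]net/login seen."

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
STIX_EQ = re.compile(r"\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]")
KINDS = {"ipv4-addr": "ipv4", "domain-name": "domain"}

def normalize(value):
    """Lower-case and re-fang ('[.]' -> '.') so the same indicator compares equal across feeds."""
    return value.strip().lower().replace("[.]", ".").rstrip(".")

def from_csv(text):
    return {(r["type"], normalize(r["indicator"])) for r in csv.DictReader(io.StringIO(text))}

def from_stix(text):
    out = set()
    for obj in json.loads(text).get("objects", []):
        if obj.get("type") == "indicator":
            for kind, value in STIX_EQ.findall(obj.get("pattern", "")):
                out.add((KINDS[kind], normalize(value)))
    return out

def from_text(text):
    clean = normalize(text)  # unstructured input: extract by pattern after re-fanging
    found = {("ipv4", v) for v in IPV4.findall(clean)}
    return found | {("domain", v) for v in DOMAIN.findall(clean)}

def collect():
    return {"csv": from_csv(CSV_FEED), "stix": from_stix(STIX_BUNDLE), "email": from_text(EMAIL_BODY)}

def correlate(feeds, min_sources=2):
    """Return indicators reported by at least min_sources feeds, with the feeds that saw them."""
    seen = defaultdict(set)
    for source, indicators in feeds.items():
        for ind in indicators:
            seen[ind].add(source)
    return {ind: sorted(srcs) for ind, srcs in seen.items() if len(srcs) >= min_sources}

if __name__ == "__main__":
    print(correlate(collect()))
```
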