Hi, I’m Erin, the Cybersecurity expert. Today we are going to learn about threat intelligence feeds and why sometimes they are great and other times they can cause a lot of problems.
A threat intelligence feed is a list of computer addresses of malicious individuals who have been known to attack companies and their systems. These feeds can be placed in various cybersecurity solutions to block or notify when traffic comes from one of these known bad addresses. So using a threat feed is a good idea, right? Well, that depends.
Not all threat intelligence feeds are created equal, and some feeds can cause you more problems than they are worth. For example, many threat feeds (especially the free ones) are often incomplete, outdated, and contain erroneous addresses. When this happens, your IT folks end up chasing false positives, which is a huge waste of time. Threat feeds are supposed to increase accuracy and reduce false positives, but unfortunately some lists have the opposite effect.
Cybersecurity is often like being a detective working through a case with forensic evidence. But with many threat feeds, it is like working on cold case files from years ago rather than studying an active crime scene. A crime scene lets you see near real-time clues and evidence, whereas with cold case files it is difficult to make any progress, and the effort is often a huge waste of time.
This is why we have come up with the next-generation threat intelligence feed called “SWAT Feed”. It stands for StratoZen Worldwide Active Threat Feed. We wanted to create a threat feed that had real-time ACTIVE bad IP addresses. You know, bad actors using these addresses right now to compromise networks and systems. We also wanted to make it affordable for any business to use to get the maximum risk reduction.
We have set up a network of sensors around the globe in various public datacenters, designed to capture traffic from active, malicious sources. When an attacker attempts to compromise these systems (or even probes them looking for vulnerabilities), we capture this information and add it to our SWAT Feed. All this attack data gets correlated into a single list and is distributed within our SWAT Feed service. You can receive an updated list every hour!
So, if you are using the SWAT Feed, then you are getting the most up-to-the-minute list of active attackers right now. We get rid of stale data after 14 days, so this list is always up to date. SWAT Feed dramatically reduces false positives compared with lists and feeds that keep old data, and because the data is so fresh and relevant, any alert against the SWAT Feed list can be treated as critical severity, ensuring quick response.
Many security devices can import the SWAT Feed automatically, so you always have the best coverage. For organizations that lack systems that can utilize threat feeds, StratoZen, through its SIEM-as-a-Service solution, can notify you whenever attacks are targeting your organization, without any additional equipment being deployed or any additional personnel being hired.
So that’s it! Now you know about threat feeds, what to look for, and the value that SWAT Feed can offer your organization. To learn more, please visit our website or contact us today!