top of page

Threat Intelligence 

There are many organizations which provide network intelligence. Network security organizations include SANS, Mitre, FIRST, SecurityNewsWire, (ISC)2, and CIS. You must keep abreast of the latest threats and continue to upgrade your skills. The Cisco Annual Cybersecurity Report and the Mid-Year Cybersecurity Report are great resources to use. It is also useful to read blogs and listen to podcasts.

Threat intelligence services allow the exchange of threat information such as vulnerabilities, indicators of compromise (IOC), and mitigation techniques. This information is not only shared with personnel, but also with security systems.


As threats emerge, threat intelligence services create and distribute firewall rules and IOCs to the devices that have subscribed to the service. One such service is the Cisco Talos Threat Intelligence Group. FireEye is another security company that offers services to help enterprises secure their networks.


FireEye uses a three-pronged approach combining security intelligence, security expertise and technology. FireEye offers SIEM and SOAR with the Helix Security Platform which uses behavioral analysis and advanced threat detection and is supported by the FireEye Mandiant worldwide threat intelligence network.


The U.S Department of Homeland Security (DHS) offers a free service called Automated Indicator Sharing (AIS). AIS enables the real-time exchange of cyber threat indicators between the U.S. Federal Government and the private sector.


The United States government sponsored the MITRE Corporation to create and maintain a catalog of known security threats called Common Vulnerabilities and Exposure (CVE).


Three common threat intelligence sharing standards include Structured Threat Information Expression (STIX), Trusted Automated Exchange of Indicator Information (TAXII), and CybOX. These open standards provide the specifications that aid in the automated exchange of cyber threat intelligence information in a standard format.

bottom of page