Given that your current security stack (AntiVirus, Firewall, SIEM, etc.) already comes integrated with its own auto-updated IOC feeds, do you still need an additional IOC threat intel feed?
Cyber Security is an ever-growing challenge where security teams have to deliver within limited resources and time. Thereby, in the current era of information overload, an effective Cyber Security strategy has to address how to steer away from TIN (Threat Intelligence Noise).
Indicators of compromise (IOCs) are the golden factor that enables most of the security technologies to function. Any IP, Domain, URL/Host or file hash that is associated with the malicious activity is introduced as a periodic update to relevant security technologies, enabling detection and blocking of any event that is found attempting to associate with those IOCs.
The daily number of IOCs being discovered across the Cybersecurity industry is mind-boggling. As per AlienVault, their OTX platform provides open access to a global community of threat researchers and security professionals. It now has more than 100,000 participants in 140 countries, who contribute over 19 million threat indicators daily’
The sheer volume shows that it has to be an automated process where the IOCs need to be produced, aggregated, validated and finally, updated into products in a timely manner. Relevant security vendors must do so for the proper functioning of their products.
As for the corporate businesses that are consumers of security products, they are already leveraging IOCs from multiple vendors. Namely, Endpoint security, Perimeter Firewall, IDS/IPS, Email & Web firewall and a SIEM. All these vendors are producing and sharing their IOCs with their peers and each has an auto-update feature in their products.
For further details, click the download button below!