Using Multi-Source Threat Intelligence to Strengthen Network Security

An Ongoing Blog Series Highlighting Threater’s Best-In-Class Threat Intelligence
In the first blog of this series, we talked about the need to use threat intelligence from multiple sources and highlighted some of the key threat intelligence challenges. These included identifying which sources to use amidst a plethora of options and the difficulty of integrating third-party threat intelligence into traditional security controls like next-generation firewalls. We provided a high-level overview of how the Threater platform simplifies and solves these challenges by putting best-in-class threat intelligence at your fingertips and allowing you to take action with the threat intelligence that works best in your environment.
In this blog, we will take a closer look at the importance of using multi-sourced threat intelligence and how our platform provides and allows you to use best-in-class threat intelligence to secure your networks, data and users in real-time – wherever they are – on-prem, cloud, remote, or all of the above.
Defending against today’s threats is a volume game that requires the use of threat intelligence from multiple sources. Cyber attacks are big business, with threat actors ranging from individual attackers to well-funded, coordinated cyber threat organizations, to state-sponsored attacks. Therefore, one vendor or threat intelligence provider’s view of the threat landscape is simply not enough to protect from the constantly evolving and sophisticated threat actors that are attacking. This is proven not only by the volume of threat intelligence available, but also by the fact that when comparing threat intelligence from multiple vendors, the overlap is negligible.
Presenting at the 29th USENIX conference and symposium, researchers from the Delft University of Technology in the Netherlands and the Hasso Plattner Institute at the University of Potsdam, Germany, found that, across a mix of commercial, open source, and vendor threat feeds, using threat intelligence from multiple sources yielded the most benefit with minimal overlap. From their findings:
These findings prove academically what Threater has always known – protection from cyber threats requires the use of a broad set of threat intelligence, from multiple sources. Providing this is core to our platform and one of the features that provides high value to our customers.
Enough of academia. At the end of the day…Threater makes your IT life easier by filtering through the noise and delivering threat intelligence from multiple trusted and best-in-class sources so that you don’t have to. These include:
…But these aren’t the only sources of threat intelligence that our platform can use. In addition to the threat intelligence data we provide “out of the box,” Threater can integrate threat intelligence in real time from any source, including from your current deployed security tools. Below are a few examples of the ways we make it simple for you to integrate threat intelligence into the platform:
Our platform provides connectors that make it easy for you to create automated IP and domain denied lists. For example, with our Basic IPv4 address list and Basic Domain connectors you can create automated denied and allowed lists by importing IP addresses and domains stored one per line in text files located on a web server. If you prefer STIX/TAXII, you can use our STIX/TAXII connector. In the near future, we will also provide the ability to do bulk CSV uploads.
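The following is an added example, not Threater code: it vets one-entry-per-line IPv4 lists before they are hosted for a list connector and measures how much the source feeds overlap, the point made earlier about multi-source intelligence. The feed names, sample addresses, protected ranges and the handling of `#` comment lines are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Ranges that must never reach a denied list: internal and loopback space, plus a
# hypothetical address (203.0.113.250) standing in for one of your own services.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "203.0.113.250/32")]

# Constructed sample feeds, one entry per line, using documentation addresses.
FEEDS = {
    "feed_a": "198.51.100.7\n203.0.113.9\n10.0.0.5\n# comment\n",
    "feed_b": "203.0.113.9\n192.0.2.44\nnot-an-ip\n198.51.100.7 \n",
    "feed_c": "192.0.2.200\n127.0.0.1\n\n203.0.113.250\n",
}

def parse_feed(text):
    """Return (accepted IPv4 set, rejected [(line_no, raw_line, reason)])."""
    accepted, rejected = set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):  # assumption: blanks/comments skipped
            continue
        try:
            addr = ipaddress.IPv4Address(entry)
        except ValueError:
            rejected.append((no, raw, "not an IPv4 address"))
            continue
        if any(addr in net for net in NEVER_BLOCK):
            rejected.append((no, raw, "protected range"))
        else:
            accepted.add(addr)
    return accepted, rejected

def overlap_report(feeds):
    """Jaccard overlap (shared / combined entries) for every pair of feeds."""
    report = {}
    for a, b in combinations(sorted(feeds), 2):
        union = feeds[a] | feeds[b]
        report[(a, b)] = len(feeds[a] & feeds[b]) / len(union) if union else 0.0
    return report

def build_denied_list(raw_feeds):
    """Validate every feed, then return (merged list, overlap, rejected lines)."""
    results = {name: parse_feed(text) for name, text in raw_feeds.items()}
    parsed = {name: ok for name, (ok, _) in results.items()}
    problems = {name: bad for name, (_, bad) in results.items()}
    merged = sorted(set().union(*parsed.values()))
    return [str(a) for a in merged], overlap_report(parsed), problems
```

Reviewing the rejected lines per feed before publishing the merged file catches a source that would otherwise block internal or business-critical addresses.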
Our platform has a growing number of “out of the box” integrations with third-party systems like Threat Intelligence Platforms (TIPs), SIEMs, and SOARs to name a few.
With a few simple clicks, you can easily integrate threat intelligence from leading threat intel providers and TIPs like Anomali, IntSights, Recorded Future, ThreatConnect, ThreatQuotient, and ThreatSTOP.
When it comes to SIEMs, of course we have great syslog export capabilities. However, what’s even cooler are integrations that enable you to automatically block threats in Threater right from the SIEM. For example, with our IBM QRadar App users can automatically add an IP or domain to a Threater denied list right from the QRadar interface.
We also have plans this year to add integrations with leading SOAR platforms, which are increasingly being used by organizations to automatically respond to threats.
Last but not least, we make it simple for users to build their own integrations using our robust and easy to use set of REST APIs. If this is your cup of tea, feel free to check out our APIs here.
As you can see, when it comes to threat intelligence, Threater is all about allowing you to use best-in-class threat intelligence to secure your networks, data and users in real-time – wherever they are – on-prem, cloud, remote, or all of the above. This best-in-class intelligence comes from multiple sources, including the threat intelligence data we provide “out of the box” as well as the many ways we make it easy for you to integrate threat intelligence from any source in real time.
Stay Tuned!
In our coming blogs, we will take a deeper look at our threat intelligence data and partner integrations, and how we interact with them. And as always…
If you are a current customer and have any questions, feel free to reach out to our customer support team at support@threater.com
If you’d like to learn more about Threater’s platform integrations, visit the Integrations tab on www.threater.com
If you’d like to get started with Threater’s platform today, contact sales@threater.com