
Everything to Know about Bambenek's Threat Intelligence Feeds

08.05.2021

With the recent launch of our Cyber Intelligence Marketplace, we’re excited to continue our blog series highlighting each of our partners. In this blog, we would like to introduce you to our new partner Bambenek Consulting and the Well-Fed Threat Intelligence feed that is now available on our Cyber Intelligence Marketplace.

Who is Bambenek Consulting? Tell Us About Yourself.

Bambenek Consulting is a cybersecurity investigations and intelligence consulting firm focusing on tackling major criminal threats.

John Bambenek has been working in intelligence for over 10 years leading investigative efforts into some of the largest criminal and nation-state operations attacking organizations world-wide. He is also currently finishing his PhD in cybersecurity machine learning helping create automated algorithms to track and proactively identify malicious infrastructure.

The Well-Fed threat feeds have been in use in organizations all over the world for the past 8 years. Produced by a unique automated system, the feeds are high-confidence, low false-positive, and highly actionable.

How Does Bambenek Collect Intelligence?

Our DGA feeds are created by reverse engineering malware that uses DGAs and reimplementing the algorithm in Python. The reimplementation in turn feeds our unique curation engine, which surveils those malware families and, by doing so, identifies only current malicious infrastructure.
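The workflow described above, as an added illustration that is not Bambenek Consulting's code: a reverse-engineered DGA is reimplemented in Python, the domains it will produce in a window around today are generated, and only the candidates that actually resolve in passive DNS are kept as current infrastructure. The DGA here is a hypothetical toy (a date-seeded LCG, not any real malware family's algorithm), the TLD set and generation rate are assumed, and the passive DNS records are constructed for the example.

```python
"""Toy DGA-to-feed pipeline (added example, not the vendor's own code).

The DGA below is a HYPOTHETICAL stand-in for a reverse-engineered family:
a calendar-date-seeded linear congruential generator. The passive DNS
sample further down is constructed inline so the script runs offline.
"""
from datetime import date, timedelta

TLDS = ("com", "net", "org")   # assumed TLD set for the toy DGA
DOMAINS_PER_DAY = 5            # assumed generation rate of the toy DGA
LABEL_LEN = 12                 # assumed label length of the toy DGA


def toy_dga(day: date, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Deterministic toy DGA: seed a 31-bit LCG from the calendar date, as many
    real families do, so an infected host and a defender derive the same list."""
    state = (day.year * 10000 + day.month * 100 + day.day) & 0x7FFFFFFF
    domains = []
    for _ in range(count):
        chars = []
        for _ in range(LABEL_LEN):
            state = (1103515245 * state + 12345) & 0x7FFFFFFF  # LCG step
            chars.append(chr(ord("a") + (state >> 16) % 26))
        tld = TLDS[(state >> 8) % len(TLDS)]
        domains.append("".join(chars) + "." + tld)
    return domains


def candidate_window(today: date, days_back: int = 1,
                     days_ahead: int = 1) -> dict[str, date]:
    """Map every domain the malware may contact in a window around today to its
    generation date. The window absorbs clock skew on infected hosts and
    operators registering tomorrow's domains early."""
    window = {}
    for offset in range(-days_back, days_ahead + 1):
        day = today + timedelta(days=offset)
        for domain in toy_dga(day):
            window[domain] = day
    return window


def curate_feed(passive_dns: list[tuple[str, str, str]],
                today: date) -> list[dict]:
    """Keep only candidates that currently resolve. A registered, resolving DGA
    domain is live C2 infrastructure worth blocking; an unregistered candidate
    would only bloat a blocklist on a resource-constrained device."""
    candidates = candidate_window(today)
    feed = []
    for name, rrtype, rdata in passive_dns:
        if rrtype == "A" and name in candidates:
            feed.append({"domain": name, "ip": rdata,
                         "generated_for": candidates[name].isoformat()})
    return feed


TODAY = date(2021, 8, 5)

# Constructed passive DNS sample as (name, rrtype, rdata). Two DGA domains have
# been "registered" by the operator and resolve to documentation-range IPs; one
# was queried but does not exist; the rest is benign traffic that must not
# appear in the feed.
SAMPLE_PASSIVE_DNS = [
    (toy_dga(TODAY)[1], "A", "203.0.113.7"),
    (toy_dga(TODAY - timedelta(days=1))[0], "A", "198.51.100.42"),
    (toy_dga(TODAY)[3], "NXDOMAIN", ""),
    ("example.com", "A", "93.184.216.34"),
    ("www.example.org", "A", "93.184.216.34"),
]

if __name__ == "__main__":
    for entry in curate_feed(SAMPLE_PASSIVE_DNS, TODAY):
        print(entry)
```

Run as-is to see the two live entries; the NXDOMAIN candidate and the benign names are dropped. In a real pipeline the passive DNS source and resolution checks replace the constructed list, and the window is re-evaluated continuously so domains that are later taken down fall out of the feed.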

The sinkhole feed is manually curated based on research from the threat research team and updated as new sinkholes are discovered.

MaldomainML is an implementation of the unique machine-learning research developed as part of John Bambenek’s PhD; it works from passive DNS traffic, with additional research contributed by the threat research team.

All of these feeds are then thoroughly tested based on globally representative internet traffic to ensure the data has no false positives.

What does your intelligence feed, and why call it Well-Fed?

Security technologies often have the ability to use threat intelligence to protect their clients, but those tools often ship with little or no threat intelligence to actually do that. Firewalls have been around for decades, but few will actually block known malicious IPs. The Well-Fed Threat Intel feeds are designed to feed these protective technologies so they actually succeed in doing the proactive work of protecting an organization from known threats.

What makes Bambenek’s Threat Intelligence Unique?

The Well-Fed Threat Feeds are highly curated to only include currently relevant threats as opposed to something that was previously malicious and may be taken down or otherwise benign. By constantly surveilling criminal networks, it is possible to identify only the most relevant indicators to block, and thus make sure protection is available for devices that may have limited resources.

What Types of Threats will the Well-Fed Protect Customers From?

The Well-Fed Threat Intel feeds are calibrated to protect against malware and phishing threats. This includes remote access tools, banking trojans, APT, and ransomware attacks.

What’s One Interesting Attack/Threat Trend You Are Seeing?

Increasingly, attackers are using tricks to evade security technologies. From the use of a hostname-generation algorithm in the SolarWinds breach to non-protocol DNS traffic for DNS exfiltration, attackers deeply know the underlying protocols and are looking for creative ways to avoid our detections.

We hope you enjoyed learning more about Bambenek’s Threat Intelligence! In case you didn’t get to see it live, you can watch a recording of our joint webinar to hear Threater CRO Todd Weller and Bambenek Consulting President John Bambenek walk through our partnership.

Want to learn more about Threater Intelligence Marketplace? You can read our blog, watch our webinar, or read our FAQ to get all the details. And stay tuned to dig in & learn about another partner next week! We have Cyjax on August 12th at 1pm EDT. Don’t forget to register!