Malware Monitors

In addition to running its own honeypots and using user-submitted log data to detect attackers, ThreatSTOP aggregates and optimizes threat intelligence from a number of sources on the Internet, turning that information into enforceable policy lists that are uploaded to network firewalls.

The current sources for our threat intelligence include:

DShield.org / Internet Storm Center

DShield.org / Internet Storm Center (ISC) relies on an all-volunteer effort to detect problems, analyze threats, and disseminate both technical and procedural information to the general public. Thousands of sensors that work with most firewalls, intrusion detection systems, home broadband devices, and nearly all operating systems are constantly collecting information about unwanted traffic arriving from the Internet. These devices feed the DShield database, where human volunteers as well as machines pore through the data looking for abnormal trends and behavior. The resulting analysis is posted to the ISC's main web page, where it can be automatically retrieved or viewed in near real time by any Internet user. DShield is usually among the first to detect new network-based attacks on the Internet, as the seed systems scanning for the vulnerabilities rapidly rise to the top of the list of connections to closed ports.

ISC Security Information Exchange

ISC SIE is a trusted, private framework for information sharing in the Internet Security field. Participants can operate real time sensors that upload and/or inject live data to SIE, and other participants can subscribe to this data either in real time, or by query access, or by limited and anonymized download.

Participants are network operators (including ISPs, enterprise, academic, and research), law enforcement (internationally), security companies (including anti-virus, intrusion detection, etc.), and research (including academic, Internet do-gooder, government, and commercial). All access and use, either commercial or noncommercial, must be in the public interest.

Cyber-Threat Analytics (Cyber-TA)

SRI International

Cyber-TA is an initiative to accelerate the ability of organizations to defend against Internet-scale threats by delivering technology that will enable the next generation of privacy-preserving digital threat analysis centers. These centers must be fully automatic, scalable to the alert volumes and data sources that characterize attack phenomena across millions of IP addresses, and of higher fidelity in their ability to recognize attack commonalities, prioritize, and isolate the most critical threats. Cyber-TA brings together leading researchers in large-scale network intrusion defenses with leaders from the information privacy community to develop next-generation wide-area collaborative defense technologies that maximally balance the needs for contributor privacy with the need for rich-content data to drive new threat detection and mitigation systems.

ShadowServer

The Shadowserver Foundation gathers intelligence on the darker side of the Internet. Comprised of volunteer security professionals from around the world, their mission is to understand and help put a stop to high-stakes cybercrime in the information age.


PhishTank

PhishTank is a collaborative clearing house for data and information about phishing on the Internet.