There's a reason the cybersecurity community is called a community. Its members have a common purpose - protecting people and companies from having their data stolen, bank accounts drained, medical records exposed, business activity crippled or halted, and more. Cyber attackers are creating new, advanced attacks at a dizzying rate. Even as you're reading this post (and as I'm writing it), new malware variants and evasion techniques are being born.
Through hacker forums, ransomware is offered as a service (RaaS) with affiliates all over the world spreading it. Many of these new attacks have the potential to take down businesses that took years to build. As Winston Churchill said, "To build may have to be the slow and laborious task of years. To destroy can be the thoughtless act of a single day".
There are around 3 million people working in cybersecurity around the world, trying to protect their customers and employers from a realm of endless cyber attacks, each company in its own way with its own techniques. So, while hackers are working together, the collective knowledge and abilities of millions of the "good guys" are spread thin between thousands of security firms. This is where community comes in.
To fight cybercrime and better protect all of our customers, cybersecurity companies and vendors need to share their knowledge with the community. Giving and getting back is the only way to develop a collective resistance to new and complex threats.
Cyber Threat Intelligence (CTI) can be shared in many different ways. Security forums using secure servers provide a meeting place for industry experts, and a place to post and view threat updates. Threat exchanges such as AlienVault's Open Threat Exchange and IBM's X-Force let users post information and indicators of compromise (IOCs) regarding newly observed attacks. Viewers can comment on the updates, sharing their knowledge and adding pieces to the puzzle, while some platforms also allow users to give a reputation score for every IOC.
At ThreatSTOP, we have always seen ourselves as part of a teaching and learning community, and have made sure to share our novel knowledge and experience with others. ThreatSTOP contributes threat intelligence to Quad9 and shares data with DShield and others. Aside from sharing in forums and on threat exchanges, ThreatSTOP provides free access to our analysis tool, Check IOC. Using Check IOC, users can search any IP or domain against our extensive threat intelligence database, which includes data from over 800 threat intelligence sources. Even cooler than that, though, is ThreatSTOP's custom blocklist built on a customer log feedback loop. The target, called "TS Originated - Top Blocked IPs by ThreatSTOP customers", is generated daily to include the bad IPs most actively trying to attack our customers (and getting blocked by ThreatSTOP). This target can be activated by any ThreatSTOP customer, or searched against using Check IOC.