Much like the mythical six degrees of separation of another famous Bacon, it seems that you can’t get farther than three clicks on a security provider’s website without running into some mention of threat intelligence. While my hazy, hairspray-induced fondness for “Footloose” is dampened somewhat by the existence of “Wild Things” in the ’90s, I can safely say that X-Force Threat Intelligence is one my favorite security seasonings.
Cur(at)ing Threat Intelligence
While you may not want to see how sausage is made, there is a lot of interest in how threat intelligence is created. Although I’ve had a rather unfortunate exposure to pig farming thanks to a classmate’s technical process presentation in a college Public Speaking class, I’ll spare you the details. Suffice to say it was quite unsuitable for an 8 a.m. lecture.
It’s not idle curiosity to question the sources of threat intelligence. Essential to threat intelligence being useful is that it is accurate and trusted.
X-Force sources threat intelligence using a variety of data capture methods. The infrastructure that X-Force uses for collecting data includes a Web crawler, similar in technology to what an Internet search engine would use. It is focused on identifying threats, malicious Web domains, honeypots and darknets that capture network communication indicative of malware, and spam traps for obtaining as much spam as possible.
These data collection methods are complemented by further data from 15 billion monitored events from our Security Services clients and 270 million monitored endpoints to collect malware samples. Capturing this data is important; equally important is turning the information collected into insights that can integrate with products and help protect an enterprise.
And when in doubt, just add bacon.