Proprietary/Closed-Source Intelligence Sources Explained
Proprietary or closed-source intelligence refers to threat intelligence that is offered as a paid service. Companies that provide this type of intelligence usually charge a subscription fee for access to their updates and research.
Some of these providers gather and repackage information that is available for free from public sources, while others create their own unique data. This closed-source data comes from the provider’s own research, such as data collected from honeynets (traps set to detect attacks) or information gathered from their customers’ systems, which is anonymized to protect privacy.
Many commercial providers also offer their own platforms for processing and sharing threat intelligence. Some platform providers don’t create their own intelligence feeds but instead focus on distributing and organizing data from other sources.
Some examples of commercial providers include:
• IBM X-Force Exchange (exchange.xforce.ibmcloud.com)
• FireEye (fireeye.com/solutions/cyber-threat-intelligence/threat-intelligence-subscriptions.html)
• Recorded Future (recordedfuture.com/solutions/threat-intelligence-feeds)
Open-Source Intelligence Sources Explained
Open-source intelligence refers to threat information that is freely available to the public without subscription fees. Various organizations, including government agencies and community-driven platforms, provide such intelligence to help individuals and businesses stay informed about potential security threats.
Notable open-source intelligence sources include:
• US-CERT: The United States Computer Emergency Readiness Team offers feeds on current cyber activities, alerts, and comprehensive reports. Their Automated Indicator Service (AIS) provides real-time threat information.
• MISP Threat Sharing: An open-source platform that facilitates the sharing of threat intelligence, including indicators of compromise, to enhance collective security efforts.
• Open Threat Exchange (OTX): A community-driven platform where participants share and discuss security threats, providing real-time threat feeds and collaborative analysis.
Utilizing these open-source resources can enhance situational awareness and improve the ability to respond to emerging cyber threats.
Other examples of open-source providers include the following:
• AT&T Security, previously AlienVault Open Threat Exchange (OTX) (otx.alienvault.com)
• Malware Information Sharing Project (MISP) (misp-project.org/feeds)
• Spamhaus (spamhaus.org/organization)
• SANS ISC Suspicious Domains (isc.sans.edu/suspicious_domains.html)
• VirusTotal (virustotal.com)
Implicit Knowledge in Cybersecurity
While threat feeds provide explicit knowledge—information that can be directly used in security processes—it’s important to also pay attention to implicit knowledge sources.
These include blogs and discussion forums where experienced cybersecurity professionals share their insights. These platforms not only report on the latest cybersecurity trends but also offer valuable lessons on the mindset, attitudes, and instincts that contribute to success in the field.
Learning from these seasoned experts helps you understand not just what to do, but how to think like a cybersecurity professional.