"Eight Low-Cost or Free Sources of Threat Intelligence" -- provided by Harbin Antiy Technology Group Co., Ltd.

2018-07-12

Organizations know they need to take threat intelligence seriously, but it is not always clear where to find reliable information. Although almost every security-industry vendor website offers information on the latest threats, some sites have better content than others. In this article we recommend the eight most informative and useful sites.

We invited Roselle Safran, president of Rosint Labs, to compile the list of sites with us. Safran has extensive experience in cybersecurity, having served for several years in the Executive Office of the President and the Department of Homeland Security during the Obama administration.

Safran provided some federal government sites, along with some lesser-known sites that track ransomware and malware. Together with Safran we drew up a list intended to help newcomers obtain the threat intelligence they need while also offering useful intelligence to experienced security professionals.

After going through the list, you will find there are far more than eight sites to choose from.

Department of Homeland Security: Automated Indicator Sharing site

The Department of Homeland Security (DHS) set up the free Automated Indicator Sharing (AIS) site so that private companies can share cyber threat indicators with the federal government. Typical threat indicators are information such as malicious IP addresses or the sender addresses of phishing emails. DHS aims to create an ecosystem in which, as soon as a company or federal agency detects an attempted attack, the threat indicator is immediately shared with all AIS participants. Federal officials say that although AIS cannot eliminate sophisticated cyber threats, it can clear out less sophisticated attacks, allowing the federal government and private companies to focus on more damaging targeted attacks.

FBI InfraGard Portal

The FBI's InfraGard portal is an information clearinghouse where the public and private sectors can share information to protect U.S. critical infrastructure. The government divides critical infrastructure into 16 sectors, ranging from the defense industrial base and manufacturing to dams. The site provides news on events relevant to the 16 sectors, together with Cyber Crimes and Cyber Fugitives links that contain information on the latest attacks and on potential threats the FBI is tracking.

National Council of Information Sharing and Analysis Centers

The National Council of Information Sharing and Analysis Centers (ISACs) was formed in 2003; the ISAC concept was first proposed in 1998. Today there are 24 ISACs. Some, such as the Financial Services ISAC (FS-ISAC), charge high membership fees, but many ISACs offer low-cost or free threat intelligence. The basic idea is that each critical infrastructure sector has an organization responsible for monitoring and uncovering threat information for that sector. Most ISACs provide round-the-clock threat alerts and incident reporting, and many also set threat levels for their sectors. Follow this link to find the ISAC for your industry.

Ransomware Tracker

Ransomware Tracker is a Swiss security site managed by @abuse.ch that focuses on tracking and monitoring the status of domain names, IP addresses and URLs associated with ransomware, including botnet C&C servers, distribution sites and payment sites. Using the data provided by Ransomware Tracker, hosting providers, ISPs, national CERTs, law enforcement agencies and security researchers can obtain information on the infrastructure exploited by ransomware and on whether threat actors are actively using it to commit fraud. The site also provides guidance on mitigating ransomware attacks, as well as ransomware blocklists for use at the network perimeter.

The Spamhaus Project

Founded in 1998, The Spamhaus Project is an international non-profit based in Geneva and London that tracks spam and related cyber threats such as phishing, malware and botnets. Although Spamhaus is best known for publishing DNS blocklists, it also produces special data for use with Internet firewalls and routing equipment, such as the Spamhaus DROP lists, botnet C&C data and the Spamhaus Response Policy Zone data (for DNS resolvers; a tool that helps prevent millions of Internet users from clicking malicious links in phishing and malware emails).

Internet Storm Center

The Internet Storm Center (ISC) was founded in 2001 as the result of the security community's collaboration in the wake of the Li0n worm. Today ISC collects millions of intrusion detection log entries every day from sensors covering more than 500,000 IP addresses in more than 50 countries. ISC is a free service supported by the SANS Institute and funded by tuition paid by students attending SANS security education programs. The site offers links to many tools, educational podcasts, forums and a job board for security professionals.

Free anti-malware sites

The Verizon 2017 Data Breach Investigations Report found that 51% of data breaches involved malware. The following sites analyze the leading malware infecting networks and can be accessed free of charge: virustotal.com, malwr.com and VirusShare.com.

Vendor blogs

Vendors ultimately want to sell products, but that does not mean they do not publish informative blogs, which are good sources for learning about the latest attacks vendors have discovered and measures for protecting your network. We recommend the following vendor blogs: Alien Vault, Cisco Threat Research Blog, CrowdStrike Research and Threat Intel Blog, FireEye Threat Research Blog, Palo Alto Networks Unit 42, Recorded Future and Windows Security Blog.

8 Low or No-Cost Sources of Threat Intelligence

https://www.darkreading.com/threat-intelligence/8-low-or-no-cost-sources-of-threat-intelligence-------/d/d-id/1330447

11/27/2017 08:00 AM

Steve Zurier


Here's a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.

Organizations know they need to get serious about threat intelligence, but it’s not always clear where to find credible information. While just about every security industry vendor website offers up information on the latest threats, some are better than others. Here, we'll point out the sites that are the most informative and useful.

We called on Roselle Safran, president of Rosint Labs, to work with us to build a meaningful list. Safran's extensive experience in cybersecurity includes several years of service in the Executive Office of the President and Department of Homeland Security during the Obama administration.

Safran included some obvious choices from federal government sources, but she also struts her cybergeek stuff by offering up some lesser-known sites that track ransomware and malware. We combined forces with Safran to develop a list that will give novices the threat intelligence amuse-bouche they need while supplying some intel red meat for experienced security pros.

Go through the list. You’ll find that there are many more than eight sites to choose from:

Department of Homeland Security, Automated Indicator Sharing

The Department of Homeland Security’s free Automated Indicator Sharing (AIS) website was set up for private companies to share cyber threat indicators with the federal government. Typical threat indicators available are information such as malicious IP addresses or the sender address of phishing emails. DHS aims to create an ecosystem where as soon as a company or federal agency observes an attempted compromise, the indicator will be shared with all AIS participants. Federal officials say while AIS won’t eliminate sophisticated cyber threats, it will clear out the less sophisticated attacks, making it possible for the federal government and private companies to focus on the more pernicious targeted attacks.

FBI InfraGard Portal

The FBI’s InfraGard Portal serves as a clearinghouse for the public and private sectors to share information to protect America’s critical infrastructure. The government breaks critical infrastructure into 16 sectors ranging from the defense industrial base to manufacturing to dams. The site offers a news feed on events relevant to the 16 sectors, plus has Cyber Crimes and Cyber Fugitives links that contain information on the most recent attacks and potential threats being tracked by the FBI.

National Council of Information Sharing and Analysis Centers

While the National Council of ISACs was formed in 2003, the ISAC concept was first introduced in 1998, almost 20 years ago. Today, there are 24 ISACs. Some of them, like the financial services ISAC (FS-ISAC), are expensive to join. But many of them offer low or no-cost threat intelligence. The basic idea is for each critical infrastructure sector to have its own organization that monitors and ferrets out threat information specific to that industry vertical. Most ISACs have 24x7 threat warning and incident reporting capabilities, and many also set the threat level for their sectors. Follow this link to look up the ISAC that applies to your industry.

Ransomware Tracker

Managed by @abuse.ch, Ransomware Tracker is a Swiss security site that focuses on tracking and monitoring the status of domain names, IP addresses, and URLs that are associated with ransomware. This includes botnet command-and-control servers, distribution sites, and payment sites. According to the Ransomware Tracker website, by using data provided by the site, hosting providers and ISPs, as well as national CERTs, law enforcement agencies and security researchers, can receive an overview of infrastructure exploited by ransomware and whether it is actively being used by threat actors to commit fraud. The site also offers guidelines for mitigating ransomware as well as blocklists for stopping ransomware at the network edge.

The Spamhaus Project

Founded in 1998, The Spamhaus Project is an international non-profit based in Geneva and London that tracks spam and related cyber threats such as phishing, malware, and botnets. While it is best-known for publishing DNS-based blocklists, according to its website, Spamhaus produces special data for use with Internet firewall and routing equipment, such as the Spamhaus DROP lists, botnet C&C data, and the Spamhaus Response Policy Zone data for DNS resolvers, a tool that helps prevent millions of internet users from clicking on malicious links in phishing and malware emails.
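The DROP lists and edge blocklists mentioned above are only useful once they are parsed and fed into a control. The following is an added example, not Spamhaus's own code or tooling: it loads a DROP-style netblock list, looks up addresses against it, and renders the netblocks as an nftables set for a firewall. It assumes the DROP text format (lines beginning with `;` are comments; every other line is `<CIDR> ; <SBL reference>`); the feed, the SBL ids and the `inet filter` table name are constructed for the example, and the ranges are RFC 5737 documentation addresses.

```python
"""Load a DROP-style netblock list, match addresses against it, and
emit an nftables set. Added example, not Spamhaus's code.

Assumed format: ';' starts a comment line, other lines are
'<CIDR> ; <SBL reference>'. The feed below is constructed from
RFC 5737 documentation ranges with placeholder SBL ids.
"""
import ipaddress
from typing import List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample feed (documentation ranges, placeholder SBL ids).
SAMPLE_DROP_FEED = """\
; Constructed DROP-style header line
; Expires: placeholder
203.0.113.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
192.0.2.0/24;SBL000003
this line is deliberately malformed and must be skipped
"""


def parse_drop_feed(text: str) -> List[Tuple[Network, str]]:
    """Return (network, reference) pairs; skips comments and bad lines."""
    entries: List[Tuple[Network, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        cidr, _, ref = line.partition(";")
        cidr, ref = cidr.strip(), ref.strip()
        try:
            # strict=True rejects host bits set in the prefix, which would
            # indicate a corrupted or tampered feed line.
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            # One bad line should not abort loading the whole list.
            continue
        entries.append((net, ref or "unknown"))
    return entries


def lookup(ip: str, entries: List[Tuple[Network, str]]) -> Optional[str]:
    """Return the SBL reference of the most specific listing, or None."""
    addr = ipaddress.ip_address(ip)
    best: Optional[Tuple[int, str]] = None
    for net, ref in entries:
        if addr.version != net.version or addr not in net:
            continue
        # Prefer the longest prefix when listings overlap.
        if best is None or net.prefixlen > best[0]:
            best = (net.prefixlen, ref)
    return best[1] if best else None


def to_nft_set(entries: List[Tuple[Network, str]], set_name: str,
               table: str = "inet filter") -> str:
    """Render the IPv4 netblocks as an nftables interval set definition."""
    blocks = sorted(str(net) for net, _ in entries if net.version == 4)
    return "\n".join([
        f"table {table} {{",
        f"  set {set_name} {{",
        "    type ipv4_addr",
        "    flags interval",
        "    elements = { " + ", ".join(blocks) + " }",
        "  }",
        "}",
    ])


if __name__ == "__main__":
    feed = parse_drop_feed(SAMPLE_DROP_FEED)
    for probe in ("203.0.113.77", "198.51.100.200", "192.0.2.1"):
        print(probe, "->", lookup(probe, feed))
    print(to_nft_set(feed, "drop_v4"))
```

The resulting set is meant to be referenced from a rule such as `ip saddr @drop_v4 drop` in the same table; reloading the set on the feed's refresh cycle, rather than hard-coding addresses into rules, keeps the firewall in step with the published list.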

Internet Storm Center

The Internet Storm Center was founded in 2001 following the collaboration that took place in the security community following the Li0n worm. Today, the ISC gathers millions of intrusion detection log entries every day, from sensors covering more than 500,000 IP addresses in more than 50 countries. The ISC is a free service supported by the SANS Institute from tuition paid by students attending SANS security education programs. The site offers numerous links to tools, educational podcasts, forums, and a job board for security professionals.

Free anti-malware sites

The Verizon 2017 Data Breach Investigations Report found that 51 percent of data breaches analyzed involved malware. Here are links to free sites that offer analysis of the leading malware infecting networks: virustotal.com, malwr.com and VirusShare.com.

Vendor blogs

Vendors will always try to sell you product in the end, but that doesn’t mean that they don’t maintain informative blogs that serve as excellent sources to learn more about what the vendor has found about recent attacks and remedies for protecting your network. Here are some to consider: Alien Vault, Cisco Threat Research Blog, CrowdStrike Research and Threat Intel Blog, FireEye Threat Research Blog, Palo Alto Networks Unit 42, Recorded Future, and Windows Security Blog.
