Chapter 2 Exploring Cybersecurity Threats
2. Threat Data and Intelligence
2.4. Proprietary and Closed-Source Intelligence

Audio
Transcript
So let's talk about proprietary and closed-source intelligence.
That means that it's not open to the public, and you're generally going to have to pay to get it, either as a subscription to the service, or you have some other package with them and it's part of the deal. So closed-source intelligence, that basically means it's not open to the public.
So they do own the information. They do their own gathering and research. They use custom tools, analysis models and other proprietary methods.
And one reason companies might use that is that they don't want to share their data. So if I go to VirusTotal and certifiable and that goes to buyers share. Well, it will show who uploaded the file to check it, the name of the company, etcetera. And maybe I don't want people to know that information, so that's one reason people may use closed-source intelligence.
Another reason is there's so much open-source stuff, it can be overwhelming. You know, which site do you believe, which site is the most accurate, etcetera, etcetera. So having a single source that is closed, that is proprietary, may be a little less overwhelming.
So commercial closed-source intelligence is often part of the service offering, which can be a compelling resource for security professionals.
And then what do you do when a threat feed fails? The authors of the textbook learned a lesson about up-to-date threat feeds a number of years ago after working with IDS and IPS vendors, which is detection and prevention systems. The vendor promised up-to-date feeds and signatures for current issues, but they tended to run behind other vendors in the marketplace.
So, you know, if you're not getting an up-to-date feed or if your feeds aren't accurate, then you could, you know, be running behind and have issues with getting hacked because you don't have the right patch or you are unaware of a vulnerability that came out two days ago. So depending on who you are, you know, it could be that fast that you're attacked.
So then, threat maps.
Threat maps are basically maps that show you where attacks are coming from and where they're going to. I've worked at a previous employer who used software called CrowdStrike, which is one of, it's a premier software, proprietary, and they have an amazing threat map. And when something kicked off around the world, that map would blow up and you would know to be ready. You would know what was coming.
The textbook lists Check Point, which is another proprietary company which has one. So basically it tells you, you know, where attacks are coming from and what part of the country or world they're going to. So, you know, I live in Michigan. So if you're in Michigan and nothing's coming to your state, then you can rest a little easy. But when that map blows up, you know to hold on and get ready.
So threat maps are cool because you can see what's going on in the world, not just limited to what's going on in your system.