Effective security starts with accurate intelligence. Unfortunately, agencies short on budget and personnel may often lack timely access to information they can use to better protect their networks and users. Fortunately, there are several active players in the security community that aggregate and serve up intelligence through publicly available data feeds. Agencies can easily access some great resources for security intel that will go a long way toward helping secure their environments.
Speaking at the recent StateTech Cybersecurity Summit, Aamir Lakhani (also known as Dr. Chaos), a leading cybersecurity and cloud consultant and researcher, shared information on resources he recommends to government agencies looking for ways to improve their security situations.
Here are five resources that state and local governments can tap to improve their security strategies.
DNS-BH is a project that maintains a long-running list of domains associated with the spread of malware and spyware. It is regularly updated and curated. Agencies can subscribe to receive updates to this expansive list.
The SANS Internet Storm Center came into being in response to the Li0n worm cyberattack of March 2001. ISC provides free analysis, tools and warning services and works with Internet service providers to fight back against malicious attackers.
Open Threat Exchange (OTX) is AlienVault’s public threat information-sharing and analysis network. Enabling OTX in the company’s open source security information and event management (OSSIM) platform allows agencies to anonymously share threat information with the OTX community and, in return, receive threat updates every half hour.
Malwr is both a free malware analysis service (based on Cuckoo Sandbox) and a community built around it, managed by volunteer security experts. Using this malware analysis system, participating agencies share suspicious files and receive detailed data on how the files work, what they would do on a system if deployed, and insights into the context, motivations and goals of breaches that make use of such files.
Hail a TAXII (Trusted Automated Exchange of Indicator Information) is a repository of open source cyberthreat intelligence feeds, served up in a STIX (structured threat information expression) format, developed by Soltra. Agencies that sign up for these free feeds are able to receive, process and also route threat intelligence to and from the broader TAXII community. (Learn more about TAXII and STIX here).