Threat Intelligence and Sources

Question 1

What is Timeliness?

Answer 1

Property of an intelligence source that ensures it is up to date.

Question 2

What is Relevancy?

Answer 2

Property of an intelligence source that ensures it matches the use cases intended for it.

Question 3

What is Accuracy?

Answer 3

Property of an intelligence source that ensures it produces effective results.

Question 4

What is Confidence Levels?

Answer 4

Property of an intelligence source that ensures it produces qualified statements about reliability.

Question 5

What is Proprietary?

Answer 5

Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee.

Question 6

What is a Closed Source?

Answer 6

Data that is derived from the provider’s own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers’ systems, suitably anonymized.

Question 7

What is an Open Source?

Answer 7

Data that is available to use without subscription, which may include threat feeds similar to the commercial providers and may contain reputation lists and malware signature databases.

Question 8

What are examples of Open Sources?

Answer 8

1. US-CERT
2. UK’s NCSC
3. AT&T SECURITY
4. MISP
5. VirusTotal
6. Spamhaus
7. SANS ISC Suspicious Domains

Question 9

What is Open Source Intelligence?

Answer 9

Methods of obtaining information about a person or organization through public records, websites, and social media.