A lot of threat intelligence providers are available online. How can you tell the good ones from the bad ones? Threats are coming at a more rapid pace in this day and age. We need to arm ourselves with knowledge. How can we protect ourselves against a threat if we cannot tell which threat intelligence providers or threat intelligence services are the right ones?
Human Intelligence and Threat Intelligence Services
1) Did you know that sometimes we are our own worse nightmare or enemy? That is why human intelligence ranks at number one for the types of threat intelligence services. HUMINT generally falls under military intelligence. It used to be that people would just collect data on each other. Now that practice has evolved to the point of including technology and the machines that accompany them.
The one disadvantage to that is to gather the information necessary analysts have to go into portions of the web that should be considered off-limits, including the dark web. That can leave the person open to being involved with a security breach or hacking, just to name a few. That is why we are sometimes our own worst enemy. We sometimes get curious about things that we should stay away from.
2) Data feeds are the second types of threat intelligence services you should concern yourself with. Data feeds such as online subscriptions and surveys might seem harmless to some people. They are just gathering information in real time, after all. However, there is direct and indirect harm to unleashing these types of threads.
Who is to say that someone will not come in to attack an infrastructure? Who is to say that someone will not use that information against the person they have collected it from? There is a lot of potentials for some dark web hacker to take the information you provided, harmless, though it may be, and use it for their own agenda.
They can take your email address and attach a malicious work into your IP address. They send you the email. You open it in an unsuspecting way. Your computer is now compromised.
3) Intelligence platforms are the third kind. The platforms help to organize the feeds and get rid of duplications as they come up. The only problem is that they are very time-consuming. There is also a lot of data to go through. Some of the data might not be backed up by a real person. How can you recognize and respond to a threat with so much information, if there is one there?
That is why this particular brand of threat intelligence should be very worrisome to a lot of people, especially when it gets combined into a complete threat analysis. The question still remains: How can you begin to recognize a true threat when you throw everything together, including data that might not be real or relevant?