TI_Cristina_OpenSource-1

A Tale of Two Threat Intelligence Solutions – Open Source (OSINT) & Commercial

Reading time: 11 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

The threat landscape is constantly changing. A few months into the pandemic, as most human operations shifted online, the number of attacks reported went through the roof. Everyone shifted to remote working, and cyber-criminals were quick to exploit the vulnerabilities in the organization’s environment due to this new arrangement.

The number of attacks has increased every quarter since 2020. According to the 2022 Data Breach Investigations Report, ransomware has continued its upward trend this year, with an almost 13% increase – a rise as big as the last five years combined. The attacks included encryption, data theft, denial of service, harassment and more.

Crucially, Q1 of 2022, the quarter which traditionally has the lowest number of data compromises in the year, saw a 90% increase in cyberattacks, according to data published by the Identity Theft Resource Center, mentioned by Security Magazine[1]. The numbers are worrisome, but easy to explain due to the increased activity of hacktivists, APT (Advanced Persistent Threat) Groups, lone wolf hackers, and cybercriminals specialized in ransomware.

The good news is that organizations and institutions are doing a better job fighting off these attacks with high-performing solutions – despite the awfully high number of attacks, the number of victims whose data has been stolen and used for criminal gains was 50% lower in Q1 of 2022 than in Q1 of 2021.[2]

Open Source (OSINT) vs. Commercial Threat Intelligence Solutions

Created to meet the challenges of an ever-changing threat landscape, threat intelligence is highly adaptable and personalized. Used properly, threat intelligence can give you insights that will change your strategy from reactive (after an attack has occurred, barely doing damage control) to proactive, by prioritizing your actions and reducing noise, improving your defenses, patching exploitable vulnerabilities, and detecting low-profile infiltration and exfiltration attempts.

Open Source Threat Intelligence (OSINT)

The open source threat intelligence solution (OSINT) is information made available for all.

The main advantage of open source threat intelligence? It is free and accessible to all.

The main disadvantage of open source threat intelligence? It is free and accessible to all.

In other words, the information your SOC analysts use to discover possible system vulnerabilities to improve your protection system is the same information threat actors use to see which vulnerabilities are not worrying analysts and which ones they can exploit. In addition, OSINT has considerable limitations.

For starters, the data is not curated, and no one is accountable for it, so the SOC analyst must go through it and decide what is relevant and what is just noise. This makes the information less trustworthy, and it consumes a lot of resources.

Secondly, OSINT is not updated, which is a downside considering the high frequency of attacks and their increased complexity. What is more, attackers can easily cover their tracks by using new lPs, domains and files, or they can even insert false information and fake logs. The sheer amount of data that needs to be scanned for this information about one threat actor to become relevant is overwhelming. This makes the information available in open source channels less actionable. Given the current day cyber threats, time is important.

Small and medium-sized businesses alone are more prone to attacks, not because they are targeted for impressive benefits, but because their vulnerabilities are easily discovered using open source intelligence techniques.

Open source intelligence could play a part in your prevention efforts but, as far as detection and response go, it is inefficient.

Commercial Threat Intelligence

As with every paid service, you have added value and a couple of guarantees. For instance, if you rely on information from an open source, you never have the guarantee that the information is properly updated. If the people making their findings available don’t do a thorough job, if their work is not monitored and vetted, what is to say this is truly reliable information? This is not the case for a commercial solution, which can only give you checked, double-checked and updated information.

Visibility The threat intelligence lifecycle starts by asking the right questions about your cybersecurity. Once you set a goal, you look for vulnerabilities in that area before threat actors get to exploit them. The commercial option gives you better visibility and performs a deeper analysis, enough to be able to narrow-down and pivot and come up faster with more relevant information.

Rich history searches are possible with commercial threat intelligence solutions, as opposed to OSINT, which may be newer and not consider out-of-favor malware, for example. If you have it in your system, it can still affect you even if it is old. Malware actors know that, and they periodically reactivate newer threats delivered with old mechanisms and infrastructure, just to stay under the radar.

Triage is crucial, as an excess of alerts induces ‘alert fatigue’ and staff may end up not reacting to a real threat. Commercial threat intelligence solutions come with severity and confidence levels for indicators of compromise (IoCs), so you end up taking better-suited measures.

Format consistency helps clients understand the information presented. And this does not only apply to IT specialists, but to company managers and decision makers as well. Open source threat intelligence data feeds come in all formats, and some information may appear as missing pieces that an analyst must assemble. Even with clever automation, interpretation of information transmitted this way is cumbersome. Commercial threat intelligence comes in a digestible format with all the information already processed and integrated. All you need to do is to take the right decisions for your company.

A commercial option can offer context and solutions. Clear analysis of a threat can tell you where it comes from, how badly it can affect your system, and what needs to be done. This is exactly the type of information you need, provided in a timely manner, instead of looking for yourself through endless data feeds that might in the end prove irrelevant.

Bitdefender Threat Intelligence

Bitdefender has come up with a Threat Intelligence solution meant to enrich your defenses and extend your visibility into the latest threats with accurate, first-hand data delivered in real time. It boasts an effective alert triage and accelerated incident response, all for you to make fast and informed decisions. It correlates hundreds of thousands of IoCs and delivers the information in an integrated fashion to the main platforms you are currently using.

The most important takeaway for the Bitdefender solution is that the insights provided are actionable, they save you time and money, and they have the obvious added value of keeping you protected in a world with increasing numbers of cyber attacks. It is an advanced option for the complex and highly specific needs of the SOC analyst.

Threat intelligence is the new way of navigating the digital world, with its vast volumes of information moving constantly online and becoming so valuable. Complex solutions such as these give organizations a fighting chance as they come under increasing attack. With a few exceptions, organizations are not targeted specifically, but attacks become a problem if no action is taken to prevent them, since attackers will exploit any vulnerability. Threat intelligence becomes a necessity.

Learn more about Bitdefender’s Threat Intelligence solution.

 

CONTACT AN EXPERT