Miners have replaced ransomware

At Solar JSOC we continuously collect anonymized data on information security events and incidents in our customers' infrastructures. Every six months we analyze this data to show how attacks on Russian organizations are changing. Here we have collected the most interesting trends of the second half of 2017.
We have previously described how to properly build the process of using external sources of threat information. Here are the types of Threat Intelligence we use:
 
 
 
Opensource - open databases of malware indicators, command-and-control servers and phishing links. As a rule, for detection with SIEM platforms only the network indicators are relevant.

Reputation feeds - paid subscriptions to reputation lists of malware, command-and-control servers and phishing links. As with open sources, for detection with SIEM platforms only the network indicators are relevant.

APT/IOC reporting - paid subscriptions to detailed descriptions of 0-day malware samples, including the vulnerabilities they exploit and host-based indicators of the malware.

Information Exchange - information obtained through exchanges with state, departmental and foreign incident response centers (CERTs).

Internal Solar JSOC database - indicators derived from Solar JSOC's own research or incident investigations.

User experience - information received directly from the customers' users (successful resistance to social engineering, detection of phishing mailings, etc.).
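The point made twice in the list above, that in a SIEM only network indicators from a feed will ever fire against network logs, is easy to see with a small matcher. The following is an added example, not Solar JSOC code: it merges indicators from several constructed feeds (tagged with the source types listed above), normalizes them, and runs them over a handful of constructed squid-style proxy log lines. The feed contents, log lines and function names are all assumptions for the illustration. Domain indicators are matched by exact host or parent-domain suffix walk (so `c2.example.com.evil.test` does not match `c2.example.com`), and the host-only indicators that a proxy log can never match are reported separately.

```python
"""Match network indicators from several Threat Intelligence feeds against
proxy log lines. Added illustration, not Solar JSOC code; all feeds, log
lines and names below are constructed for the example."""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

NETWORK_KINDS = {"domain", "ip", "url"}

# Constructed feeds, keyed by the TI source type. Each entry is
# (indicator kind, value). The sha256 from "apt_ioc" is a host indicator
# and is kept deliberately: it has nothing to match in a proxy log.
FEEDS = {
    "opensource": [("domain", "update-check.example.net"), ("ip", "203.0.113.45")],
    "reputation": [("url", "http://cdn.example.org/loader.php?id=1")],
    "apt_ioc":    [("sha256", "ab" * 32), ("domain", "c2.example.com")],
    "internal":   [("ip", "198.51.100.7")],
}

# Constructed squid-style lines: timestamp client status method url
PROXY_LOG = [
    "1512345600.001 10.0.0.12 TCP_MISS/200 GET http://update-check.example.net/a.bin",
    "1512345601.002 10.0.0.13 TCP_MISS/200 GET http://cdn.example.org/loader.php?id=1",
    "1512345602.003 10.0.0.14 TCP_MISS/200 GET http://198.51.100.7/stage2",
    "1512345603.004 10.0.0.15 TCP_MISS/200 GET http://www.example.com/index.html",
    "1512345604.005 10.0.0.16 TCP_MISS/200 GET http://c2.example.com.evil.test/x",
    "1512345605.006 10.0.0.17 TCP_MISS/200 GET http://beacon.c2.example.com:8080/gate",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<status>\S+) (?P<method>\S+) (?P<url>\S+)$")


def normalize_url(url):
    """Lower-case scheme and host, keep path and query as given."""
    p = urlsplit(url)
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}{query}"


def build_index(feeds):
    """Normalize indicators into per-kind lookup tables mapping
    indicator -> set of source names, so one hit can list every source."""
    idx = {k: defaultdict(set) for k in ("domain", "ip", "url", "host")}
    for source, entries in feeds.items():
        for kind, value in entries:
            if kind == "domain":
                idx["domain"][value.lower().rstrip(".")].add(source)
            elif kind == "ip":
                idx["ip"][str(ipaddress.ip_address(value))].add(source)
            elif kind == "url":
                idx["url"][normalize_url(value)].add(source)
            else:  # hashes, paths, registry keys: host indicators
                idx["host"][value.lower()].add(source)
    return idx


def domain_hits(host, idx):
    """Walk the host's parent domains (never the bare TLD) and report
    any that is a domain indicator. This is a suffix match on labels,
    not a substring match, so look-alike hosts do not fire."""
    labels = host.split(".")
    hits = []
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in idx["domain"]:
            hits.append(("domain", candidate, sorted(idx["domain"][candidate])))
    return hits


def match_fields(fields, idx):
    """Return (kind, indicator, sources) hits for one parsed log line."""
    url = fields["url"]
    host = urlsplit(url).hostname or ""
    hits = []
    norm = normalize_url(url)
    if norm in idx["url"]:
        hits.append(("url", norm, sorted(idx["url"][norm])))
    try:
        ip = str(ipaddress.ip_address(host))
        if ip in idx["ip"]:
            hits.append(("ip", ip, sorted(idx["ip"][ip])))
    except ValueError:  # host is a name, not a literal address
        hits.extend(domain_hits(host, idx))
    return hits


def scan_log(lines, feeds=FEEDS):
    """Run every indicator over every line; return one alert per hit line."""
    idx = build_index(feeds)
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        hits = match_fields(m.groupdict(), idx)
        if hits:
            alerts.append({"client": m.group("client"), "url": m.group("url"), "hits": hits})
    return alerts


def host_only_indicators(feeds):
    """Indicators a proxy/DNS log can never match; they need EDR or file
    telemetry, which is the caveat behind the 'network indicators only' note."""
    return [(src, kind, val) for src, entries in feeds.items()
            for kind, val in entries if kind not in NETWORK_KINDS]


if __name__ == "__main__":
    for alert in scan_log(PROXY_LOG):
        print(alert["client"], alert["url"], alert["hits"])
    print("unmatchable in this log:", host_only_indicators(FEEDS))
```

Four of the six lines produce alerts, each tagged with the feed that supplied the indicator; the look-alike host on the fifth line does not, and the sha256 from the APT report is listed as unmatchable. In a real SIEM the same normalization step matters more than the matching: feeds disagree on trailing dots, case and URL encoding, and an unnormalized indicator silently never fires.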
 
 
Which of them proved most useful in the second half of 2017:
 
 