Twitter can be both an extremely fun and an infuriating medium for communication. Limited to 140 characters, one has to resort to creative ways to make a point succinctly.
Last week, we thought we’d kick the proverbial hornet’s nest with a tweet chat on the topic of threat intelligence. As expected, the conversation flowed fast and furious and often down many rabbit holes, continuing long after the hour we had set aside for the chat.
Here are some of the highlights of our favourite comments:
Ali-Reza Anghaie fired off a rapid succession of tweets that he seemingly had queued up and saved for this precise moment in time.
Wendy Nather chimed in with her viewpoint:
"Good threat intel" = Magic 8 balls "Bad threat intel" = pew-pew maps https://t.co/BkePp85oIE — Wendy Nather (@451wendy) May 7, 2015
And then we were off to the races. Quentyn Taylor felt the reputation of a threat intel provider was of importance when deciding on the quality of the feed.
@alienvault past experience - do they have a good track record ? — Quentyn Taylor (@quentynblog) May 7, 2015
Gabe touched upon the oft-mentioned aspect of context.
On a more technical level, Alex Pinto felt that the sources of threat intel data were of great importance.
Ian Amit touched on the importance of threat intel needing to be relevant to a company’s own threat model, adding weight to Gabe’s earlier comment about the data needing to be contextually relevant.
Dr. Kryptia lamented the disproportionate focus put on APTs (advanced persistent threats) versus the basic threats which more common attack
Our own Jaime Blasco shared his thoughts on the question as to the importance of incorporating threat intelligence into an information security program.
On the uses of threat intelligence, Dan Glass reminded everyone that threat intelligence is a program and not a product.
To Dan’s point, AlienVault’s Andy Manoske clarified the company perspective on IOCs and threat intelligence.
Dan’s comment also tied into Wendy’s comment that questioned the true nature of indicators of compromise (IOCs) and whether they are just an evolution of signatures used in traditional anti-virus detection technologies.
Ian Amit summed up the sentiment in the only way you can on the internet, via a meme.