Information Security magazine

July / August 2014 Vol. 16 / No. 6

Network security: Threat intelligence feeds parse a sea of data

Many enterprises have made substantial investments in security information and event management and log management technologies over the years to collect, manage and analyze logs. Advances in large-scale analytics enable a well-honed security program to use data to spot anomalies and analyze attacks. However, it is easy to be overcome by a deluge of indicators and warnings derived from this data. Security intelligence promises to bring more focus to this task. Instead of blindly looking for "new" and "abnormal" events, we are now able to search for specific IP addresses, URLs or payload patterns. This is particularly important because compromises remain undetected for long periods of time; most companies are notified by external entities, not by internal sensors -- despite advances in data collection and event monitoring. Today, the number of threat intelligence feeds continues to expand, from free open source data provided by the larger network security community; to vetted and aggregated commercial products; to closed ...
