Home / Industry

DIY Threat Intelligence Gathering If Your Security Solutions Seem Lacking

Security solutions are not made equal. Some are better than others when it comes to providing overall protection, but most will require you to buy an entire suite that's enough to break the bank just so you'd feel safe from cyber attacks. So what are you to do if your budget just isn't big enough to afford all-around protection?

One way to remedy the situation is to gather and enrich your threat intelligence so you can proactively enhance your company's security posture. There are tools that can help you do that, which won't cost as much as buying an entire suite of security solutions that you're not even sure your current infrastructure would be able to support.

To choose the right tool, I compiled a list of threat indicators below that you should look out for to make sure your business stays protected from all kinds of cybercrimes.

  • IP resolution: We all know that a company typically owns an entire IP block or blocks, depending on its size. With an IP address on hand, you can check if a certain IP address accessing your website indeed belongs to the organization it claims to by checking if it does resolve to that company's IP range. If the address in question is located in, say, another country (not where the supposed owner's company is found), then it could be malicious and should probably be blocked from accessing your domain.
  • SSL certificates: An organization that uses SSL certificates is generally trustworthy. That said, check if your site visitors and users whom you exchange emails with (suppliers, partners, and other third-party companies) are SSL-certified and if their SSL chains are properly configured. Be wary of those whose SSL certificates, chains, and configurations aren't up-to-date and contain questionable information.
  • Website content: Doing background checks on individuals and companies that your business interacts with is essential amid a plethora of threats lurking in every corner of the Web today. Make sure that the people you're doing business with are legitimate individuals or companies and not cybercriminals by checking out their virtual properties.
  • Malware: Insufficiently secured websites are prone to compromise. Even the biggest companies can be hacked so their sites can serve as malware distributors. Run domains against malware feeds to make sure they are safe to access. Keep in mind that visiting malware-laden sites, something, not all employees may be aware of, can lead to drive-by downloads or redirect users to malicious pages.
  • WHOIS records: All registered domains should have updated and completely filled-up WHOIS records. Make sure that none of the domains accessing yours are owned by cybercriminals or attackers trying to get into your network for various nefarious purposes. WHOIS records are a great way to see who is accessing your site and what his intentions are.
  • Mail servers: If you're worried that your company is being targeted by phishers or any other kind of fraudster through spam, for instance, determining the suspicious emails' source is easy with the right tool. Check the MX server records of the questionable emails' sender to make sure they resolve to the right address. If they don't, then block them so none of your employees can be tricked into downloading attachments or clicking links that could put your organization at risk. There's a reason for the cybersecurity cliche, "Humans are the weakest link."
  • Nameservers: Legitimate organizations indicate their nameservers in their WHOIS records. That said, you can cross-check suspicious nameservers against a white list to make sure they're not being run by threat actors pretending to be part of a well-known company, especially one you work or interact with.

Security companies generally collect the same threat intelligence to verify how safe a website is. To ensure that your digital assets always remain threat-free, look out for the indicators of compromise (IoCs) listed above. Create a blacklist that you can easily integrate into your existing security infrastructure, especially if you feel that your solutions are somewhat lacking. And if you don't want to end up in someone else's blacklist, make sure your domain meets the same criteria you're subjecting visitors' domains to.

Proactive protection doesn't need to cost you an arm and a leg. You just need to know how threats can end up in your network and systems and block them before they can harm your business. Look for a tool that arms you with sufficient threat intelligence to safeguard your virtual realm without running your company budget to the ground.

Threat Intelligence Platform (TIP)

About Threat Intelligence Platform (TIP) – Threat Intelligence Platform (TIP) offers easy to use threat intelligence tools, services, and APIs to get detailed information about hosts and the infrastructure behind them. Gathering data from different providers, utilizing our substantial internal databases (compiled for 10+ years), and also real-time host configuration analysis, our threat intelligence solutions provide an in-depth look at target hosts and are an essential addition to any threat detection toolkit. Visit Page

Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

IP Addressing

Sponsored byAvenue4 LLC

Cybercrime

Sponsored byThreat Intelligence Platform

New TLDs

Sponsored byAfilias

DNS Security

Sponsored byAfilias