With Certified Data Sets, Get Originated Threat Intelligence You Can Trust

Threat intelligence, by definition, should help you make informed decisions faster. In other words, it needs to provide context and it needs to be actionable. And that means it needs to be high confidence.

That’s why we’ve developed Certified Data Sets, higher-fidelity data sets that are collected and curated by Recorded Future. These generate new risk rules on Intelligence Cards, enhance risk scores, and create higher-confidence risk lists. Certified Data Sets are originated intelligence from Recorded Future. Where threat intelligence has already been the primary and best way to move from a reactive to a proactive security stance, this originated intelligence represents another leap forward: from proactive to predictive.

And maybe the best part is that they’re included for everyone who’s already using the Recorded Future® Platform. Before we dive into Certified Data Sets more deeply, let’s look at some of the problems they’re aimed at solving.

The Need for High-Fidelity Intelligence

Security practitioners deal with countless alerts every day, many of which come out of external data that’s correlated with internal network data. But when the data lacks context, alerts are not reliable, and many of them turn out to be irrelevant or false positives. It’s a problem of garbage in, garbage out — low-quality data that leads to inconsistent results. Take threat feeds, for example, which are often misconstrued to be the same thing as threat intelligence. Simply incorporating a list of suspicious domains with no explanation or sourcing on why they’re suspicious will add to the burden of SOC analysts who need to research them further.

To make every security function easier, what’s needed is not necessarily more data, but data that’s higher fidelity. That’s what Certified Data Sets are for.

Threat Intelligence for Everyone

For cyber threat intelligence, the old wisdom of “quality over quantity” becomes something of a false dichotomy. To produce quality threat intelligence, a large quantity of data is needed to start with, and that’s where machine learning can do the job better than any number of human analysts can. Recorded Future, for example, gets data from the open and dark web, as well as technical sources — as much in a year as nearly 9,000 analysts working eight-hour shifts, five days a week, for that year. In short, no stone is left unturned.

But, again, the problem that arises is that of getting overwhelmed by all that data. How do we know what’s useful and what’s not? “Where’s the good stuff?” is something we hear clients ask all the time.

This is the good stuff. We mentioned before how this represents a shift from proactive to predictive security. Our threat intelligence has always been built out of large-scale data sets that are organized automatically using risk rules and risk scores. This approach has provided a historical and real-time view of the threat landscape, giving security practitioners the context to move from a purely reactive approach to security to a proactive one. Now, we’re taking that data a step further, using our expert intelligence to profile the tactics, techniques, and procedures (TTPs) that threat actors are using and to identify them as soon as they’re enabled, and before they’re used in an attack.

With Certified Data Sets, the unmatched scale of data gathered by our machine learning processes is then verified using advanced methodology developed by our data science group and our in-house research team, Insikt Group. What comes out of that process are proprietary, curated risk lists, made up of only high-fidelity and trustworthy sources and able to predict attacks before they happen. This is “block-grade” data — data that’s good enough that you can use it to automatically block high-risk IOCs with confidence, automating even more work for your team and ensuring better security.

What to Do With Certified Data Sets

Because Certified Data Sets are high confidence, you can reliably use them to automatically block indicators at your firewall, email security, and endpoint solutions without needing to do additional validation. Right now, there are ten categories of Certified Data Sets available, amounting to around 300 unique downloadable data sets in total, and that list is growing. Below are two examples of data sets that deal with exploits currently being used by threat actors in the real world, and what you can do with them.

1. Exploits in the Wild — Vulnerabilities [Patch] Data Set

Vulnerability management teams can use our technical intelligence to prioritize patching based on which vulnerabilities are actively being exploited in the wild by malware. With a methodology that we’re calling Recorded Future Malware Hunting, we can monitor the activity of malware in the wild and track sightings across multiple sources to produce this intelligence. In their 2019 “Market Guide for Security Threat Intelligence Products and Services,” Gartner said that “the number one priority [for vulnerability management] is on ‘which of your vulnerabilities are being exploited in the wild.’” This data set homes in on exactly those vulnerabilities.

2. Exploits in the Wild — Hashes [Prevent] Data Set

While they patch, security teams can block, by hash, malware exploiting vulnerabilities of concern. This will help organizations stay protected faster: we know that many patching programs take up to a year to achieve a 99% update rate across an organization, and even then, some endpoint protection tools have gaps in coverage. We’re currently tracking 21,734 unique malware hashes that are known to exploit vulnerabilities.

Learn More

Intelligence is great, if you know what to do with it. But many solutions today are akin to giving someone a blank piece of paper and a dictionary and then saying, “Write me a story using some of these words.” It can just be a little difficult to know where to start, and even more difficult to know whether you’re on the right track.

For more information, try a personalized demo of Recorded Future today.

The post With Certified Data Sets, Get Originated Threat Intelligence You Can Trust appeared first on Recorded Future.

Article Link: https://www.recordedfuture.com/certified-data-sets/