December 4, 2024

Leverage Threat Intelligence Feeds to Level Up Your Security Strategy

Every day, cybersecurity researchers discover dozens of new vulnerabilities, malware packages, and cyber criminals. One way for IT teams to stay on top of these threats is to monitor threat intelligence feeds. These databases provide real-time information on both established and emerging cyber threats, allowing organizations to catalog and analyze the results. This is particularly salient in the era of hybrid and remote work, as mobile devices are especially tempting targets for cyber attacks.

A good threat intelligence platform should provide an intuitive dashboard, sophisticated analytics, and up-to-the-minute information on the latest threats. It should also track known indicators of compromise (IOCs), such as IP addresses, malware signatures, and emails with common phishing terms. Some modern platforms even incorporate artificial intelligence (AI) algorithms to discover patterns among novel cyber attacks.

By incorporating a threat intelligence feed into your cybersecurity framework, you can identify potential sources of risk to your organization’s mobile devices and develop countermeasures in advance.

What is a threat intelligence feed?

Threat intelligence feeds are huge databases that track a variety of cyber threats. A typical threat intelligence feed might contain information about specific pieces of malware, common IOCs, known threat actors, trending cyber crime techniques, and advanced persistent threats (APTs). Essentially, any data that could help IT administrators discover, track, and counteract cyber threats belongs in a threat intelligence feed.

A good feed also needs constant updates. At the time of writing, for example, researchers have discovered critical vulnerabilities in both Android and iOS within the last two weeks. A platform that updates on a monthly schedule — or slower — simply won’t be able to keep up with all the latest cyber threats.

With the sheer number of malware and vulnerabilities that crop up each day, it’s a good idea to follow multiple threat intelligence feeds. Furthermore, while some platforms simply compile data about known threats, the most effective resources also provide analysis, helping IT administrators prioritize and address the most relevant risks. While it’s not practical to sift through dozens of threat databases every day, choosing a few reliable, rigorously researched sources can paint a more complete picture of current cyber threats.

While threat intelligence databases exist for just about every device with an operating system (OS), focusing on mobile devices may pay dividends for your organization. As discussed above, mobile vulnerabilities are both common and frequent. Mobile devices are especially vulnerable to phishing, which can arrive through email clients, short message service (SMS) applications, and social media sites. Employees may also bring their own mobile devices to work, which creates a whole new set of risks.

Benefits of threat intelligence feeds

Accurate risk assessments

There are thousands of variables that go into your organization’s cybersecurity posture, from the software you install to the industry in which you operate to the mobile devices your employees use. Identifying and mitigating every possible risk isn’t feasible. A threat intelligence platform can help you determine which vulnerabilities, malware, and cyber crime organizations are most likely to affect your employees. Once your IT department knows which threats your users are likely to encounter, it can tailor its defensive strategies accordingly. Otherwise, your organization could spend valuable time and resources preparing for threats it will never encounter.

Effective incident response

No matter how well-protected your organization is, you could still suffer a data breach. If that happens, you’ll want to oust the infiltrator, recover your data, and reinforce your cybersecurity framework as soon as possible. Threat intelligence platforms can analyze the specific phishing techniques, URLs, and malware packages that threat actors use to compromise your organization. If you know exactly how a cyber criminal is carrying out an attack, you can thwart them and mitigate the fallout more effectively.

Specific information about threat actors

Cyber attacks can come from disgruntled individuals, sophisticated cyber crime rings, or even antagonistic nation-states. Knowing where threats come from can make a huge difference when planning your defenses. Your IT team can block particular IP addresses, URLs, or app downloads. You can also instruct your employees to be particularly wary of calls or texts with certain country codes.

Providing context for each threat can be especially valuable for smartphones and tablets, as threat actors may prefer to target certain mobile devices. If a large part of your workforce uses a particular OS or app, you can prioritize protecting those systems.

How to use threat intelligence feeds

Once you’ve chosen the right platforms, your IT team should learn how to use threat intelligence feeds effectively. If you’ve chosen a feed with a user-friendly interface, you should be able to easily identify common IOCs. From there, you can cross-reference them with the hardware, software, and access patterns at your organization. If you spot likely vulnerabilities, mitigate them by issuing patches, blocking access, or updating policies as needed.

The exact steps will depend on the threats you find and the technology your organization uses, but research and analysis are always the first steps. After that, consider the following best practices for threat intelligence feeds:

  • Consult different feeds: Professional cybersecurity companies offer paid threat intelligence feed subscriptions, while enthusiast communities maintain open-source databases. While it’s not necessary to pore through dozens of feeds each day, consulting a few can give you a more complete picture of the current cybersecurity scene. 
  • Prioritize vulnerabilities: No matter how diligent your IT team is, you cannot mitigate every single threat your organization might encounter. Instead, focus on mobile vulnerability management, which can help your organization prioritize the most pressing risks.
  • Reevaluate your hardware and software: As you research threat intelligence, you may discover that certain devices, OS versions, and apps come up again and again. Create a plan for keeping this hardware and software up to date. If that’s not feasible, consider whether you can use an alternative piece of technology instead.
  • Educate your staff: Threat intelligence feeds can help identify mobile phishing and other types of social engineering that your staff may encounter. Teach your employees about trending threats and how to react if they encounter scams or malware.
  • Complement with mobile EDR: Once you’ve done your research, you can use a mobile endpoint detection and response (EDR) solution to protect employee devices from cyber threats. Mobile EDR defends smartphones and tablets against phishing and malware while providing attack vector telemetry for your security team.
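As an added illustration (not code from Lookout or any feed vendor), the sketch below merges IOCs from two feeds, cross-references them against device access logs, and ranks devices so the team can prioritize. The feed layout of (type, value) pairs, the log layout, and all sample values are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample feeds: (indicator type, value) pairs; one entry is "defanged" with [.]
FEED_A = [("ip", "203.0.113.7"), ("domain", "login-portal[.]example")]
FEED_B = [("ip", "203.0.113.0/24"), ("domain", "LOGIN-PORTAL.example."), ("ip", "198.51.100.9")]

# Constructed access log: (device id, destination host or IP)
ACCESS_LOG = [("phone-01", "login-portal.example"), ("phone-02", "203.0.113.44"),
              ("tablet-07", "intranet.corp.example"), ("phone-01", "203.0.113.7")]

def normalize(kind, value):
    """Refang and canonicalize so the same indicator from two feeds compares equal."""
    value = value.strip().replace("[.]", ".").lower()
    if kind == "ip":
        return ipaddress.ip_network(value, strict=False)  # single IPs become /32
    return value.rstrip(".")

def merge_feeds(**feeds):
    """Map each normalized indicator to the set of feed names that report it."""
    merged = defaultdict(set)
    for name, entries in feeds.items():
        for kind, value in entries:
            merged[(kind, normalize(kind, value))].add(name)
    return merged

def match(dest, merged):
    """Return indicators a destination matches: IP inside a network, or (sub)domain."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr, host = None, dest.lower().rstrip(".")
    hits = []
    for (kind, ioc), sources in merged.items():
        if kind == "ip" and addr is not None and addr in ioc:
            hits.append((str(ioc), sources))
        elif kind == "domain" and addr is None and (host == ioc or host.endswith("." + ioc)):
            hits.append((ioc, sources))
    return hits

def triage(log, merged):
    """Rank devices by how many feed reports corroborate their matched destinations."""
    score = defaultdict(int)
    for device, dest in log:
        for _, sources in match(dest, merged):
            score[device] += len(sources)
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))
```

Indicators reported by more than one feed weigh more in the ranking, which is one simple way to turn "consult different feeds" into a prioritization signal.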

Defend your organization with a threat intelligence platform

Threat intelligence feeds offer your IT department both the data and the analysis they need to make informed decisions about your cybersecurity posture. The Lookout Threat Intelligence Platform features the latest insights on vulnerabilities and malware, as well as information about specific threat actors and their techniques. A team of former penetration testers, government analysts, and vulnerability researchers maintains the database, offering their expertise on pressing IOCs. The feed contains data from more than 215 mobile devices and 190 million app installations.

The Lookout Threat Intelligence platform also offers real-time incident reporting, direct access to malware binaries, and custom cybersecurity workshops for your staff. The more you know about emerging cyber threats, the better you can protect your employees and your sensitive data.

Identify and Prevent Threats with Lookout Threat Advisory

Lookout Threat Advisory offers advanced mobile threat intelligence, leveraging millions of devices in our global network and top security research insights to protect your organization.

Book a personalized, no-pressure demo today to learn:

  • How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
  • Real-world examples of phishing and app threats that have compromised organizations
  • How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
