My presentation at SANS CTI Summit 2021 is now online! The presentation is all about the past, present and future of Threat Intelligence Platforms (TIPs). The title of the presentation is “Still thinking your Ex(cel)? Here are some TIPs”.
Having a Threat Intelligence Platform (TIP) is a good thing for the CTI team. However, this raises the follow-up question:
How do you select the best TIP for your organisation?
On 30 and 31 January, ENISA CTI-EU 2020 took place in Brussels. The conference was a splendid CTI bonding event bringing together 20 speakers, 160 participants and 9 vendors of CTI products.
ENISA did a great job of bringing together all the above stakeholders and building an environment for connecting and exchanging ideas regarding CTI (especially within the European context). Such an event is much needed within Europe, since there are not a lot of opportunities to connect CTI peers from the industry with people from the public sector and from the European Commission.
January was an interesting month for CTI practitioners! I took some time and collected the major articles and presentations that I read and watched during January 2019.
I hope you enjoy it.
ENISA has released the first comprehensive study on cyber Threat Intelligence Platforms (TIPs) focused on the needs of TIP users, developers, vendors and the security research community.
The study channels its efforts into identifying some of the key opportunities and limitations of existing platforms and solutions, since information exchange formats and tools remain central items on the agenda of the cybersecurity community in general, and particularly of incident responders.
I recently came across an interesting research paper from the University of Innsbruck. The title of the paper is “Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives”.
According to the abstract of the paper: “In the last couple of years, organizations have demonstrated an increased willingness to exchange information and knowledge regarding vulnerabilities, threats, incidents and mitigation strategies in order to collectively protect against today’s sophisticated cyber attacks. As a reaction to this trend, software vendors started to create offerings that facilitate this exchange and appear under the umbrella term “Threat Intelligence Sharing Platforms”. To which extent these platforms provide the needed means for exchange and information sharing remains unclear as they lack a common definition, innovation in this area is mostly driven by vendors and empirical research is rare. To close this gap, we examine the state-of-the-art software vendor landscape of these platforms, identify gaps and present arising research perspectives. Therefore, we conducted a systematic study of 22 threat intelligence sharing platforms and compared them. We derived 8 key findings and discuss how existing gaps should be addressed by future research.”
The authors conduct their research by exploring the capabilities of the following 22 Threat Intelligence Platforms: