Evaluating Threat Intelligence Sources
With the expanding attack surface and the growing sophistication of threats, just reacting to an incident is not enough. Increasingly complex environments provide multiple opportunities for attackers. Each industry and each organization has its own unique data to protect, and uses its own set of applications, technologies, etc. All this introduces an enormous number of variables into possible methods of executing an attack, with new methods emerging daily.
Over the last couple of years, we have observed the blurring of boundaries between different types of threat and different types of threat actors. Methods and tools that were previously a threat to a limited number of organizations have spread to the broader market. One example of this is the dumping of code by the Shadow Brokers group, which put advanced exploits at the disposal of criminal groups that would not otherwise have had access to that kind of sophisticated code.