What Social Media Has to Offer Threat Intelligence

 Social media is the first spot many security analysts go to learn about threat intelligence, creating a popular community for sharing information about cyber-attacks.

As new threat vectors emerge and grow in numbers, cybersecurity defenders are left with the daunting task of thwarting a rising volume of increasingly sophisticated attacks. Accordingly, threat intelligence has never been a more important tool for enterprises trying to keep up.

Effective threat intelligence is built on knowledge-sharing both within and across organizations. Social media has proven to be a valuable tool for facilitating such cross-organizational collaboration, with 44% of organizations citing the utility social media-borne intelligence brings to their digital protection solutions. As social platforms and open-source tools, from mainstream platforms like Twitter to more specialist forums such as MalwareBazaar, continue demonstrating their value for thwarting threats in the constantly evolving cyber landscape, security professionals should learn how best to use these tools to their advantage.

It Takes a Village

Considering the vast array of attack vectors today, organizations have a hard time keeping up with the frequency and sophistication of cyber-attacks -- especially if they don’t employ an efficient, advanced security system and develop a balanced and well-structured cyber strategy. To understand the full scope of emerging attack trends, threat intelligence requires security professionals to work together to maintain a real-time awareness of the evolving attack landscape. Thus, threat intelligence requires tools that can communicate and disseminate the vast array of new and evolving threats, sourced openly from researchers worldwide.

For many security analysts, Twitter has become ground-zero for threat intelligence synergy. The public-facing nature of Twitter, combined with its accessible interface, enables users to post about any threat widely and instantaneously, and to learn about threats other analysts have shared. Some of the biggest threat intelligence accounts, such as @Gi7w0rm and @JAMESWT_MHT, have gained as many as 30,000 followers who regularly turn to them for threat intelligence updates.

Beyond Twitter, cyber specific open-source tools such as MalwareBazaar allow analysts to share IOCs and other files that can prove useful in identifying and thwarting threats.

Give and Take

These open-source communities serve as a vital resource to grow knowledge and experience, as they provide insight and feedback on different threat types and how to defend against them. Moreover, they offer security professionals opportunities to develop new professional relationships in the field and to support one another in the shared pursuit of cyber protection.

Individual analysts are not the only ones who can leverage these professional networks -- many organizations involved in threat intelligence are now creating branded business accounts, where they can actively post any threats their group encounters. As with any open-source or social media-based community, these networks are most useful when there is a give-and-take from all invested parties.