What are your preferred sources for threat intelligence?

1.6k views, 15 Comments

Principal Information Security Officer in Education, 10,001+ employees
Paid: Cisco Talos, Palo Alto, Mandiant, CrowdStrike, Proofpoint / Emerging Threats
Free / Open Source: AlienVault Open Threat Exchange, CISA, SANS, Spamhaus
Director, Strategic Security Initiatives in Software, 10,001+ employees
Palo Alto, CrowdStrike, Proofpoint / Emerging Threats, CISA, SANS
Director of Tech and Cyber Strategy in Finance (non-banking), 1,001 - 5,000 employees
We look at a variety of them, many mentioned below including AlienVault, CISA, SANS, Fortinet, and Mandiant’s free feed.
CISO in Software, 10,001+ employees
We use a combination of paid sources specific to the Cloud environment, IT-ISAC community as well as our own collected and curated TI as a technology cloud provider as well.
Director of Information Security in Energy and Utilities, 1,001 - 5,000 employees
Even the paid ones are too noisy to me. But I like the paid version of Proofpoint data. Otherwise, what I prefer is the internal data we gather from our business operations.
CIO/CISO in Healthcare and Biotech, 11 - 50 employees
Commercial sources include PA, Mandiant, StrikeReady
Open source include CISA and the ISAC feeds
Director, Security Operations in Telecommunication, 501 - 1,000 employees
We use a mix of free feeds and paid services, which include CISA/CERT, ISAC, Arctic Wolf, Tenable, SANS and CrowdStrike.
Executive Director, Enterprise Infrastructure & Cybersecurity in Finance (non-banking), 10,001+ employees
Fortinet, Mandiant, CrowdStrike, New Wire - Government updates
CISO in Education, 10,001+ employees
Mandiant, Proofpoint, REN-ISAC, Health-ISAC, InfraGard are my primary sources.
Head of IT and Security in Finance (non-banking), 51 - 200 employees
We mostly rely on our resellers who have their own reports tailored to their customers' environment based on the equipment that has been purchased. However, as a security team we regularly check Microsoft and Cisco for new emerging threats.
