Why Domain Names Can Be A Reliable Source of Threat Data
One of the main challenges for threat intelligence service providers nowadays is determining which sources they should use or compile in their solutions for optimal results.
Just like any data analytics tool, the value of threat intelligence platforms will highly depend on what’s been put into them. In fact, you may have all the features to detect threats and even the best experts in the industry to help with interpretation and still have a hard time getting actionable intelligence due to bad sources of data.
With so many threats in the modern world, the last thing you want is to have your specialists chasing down irrelevant, old, or non-existent threats. Poorly sourced threat data only increases the risk for any company.
So how can you ensure that the quality of the data in your threat intelligence solutions is ideal? To help you answer that question, here’s a rundown of what attributes you need to look out for when choosing the right data sources, followed by how WHOIS can support threat intelligence efforts.
Quality of Data and Origin
The first thing you want to make sure of is that the threat data you are getting is accurate. After choosing a new source, you can often gather solid metrics that can be linked to a threat or an attack. However, here are a couple of aspects you should consider in your selection:
- The origin of your threat intelligence and how it is obtained, especially since some vendors gather data based on inputs from other sources such as community submissions, and might be doing so without checking for accuracy first.
- The reliability of your threat data, as some information may not be consistently gathered. In short, you need a reliable source — one that is always up and running.
A wide range of threats are introduced regularly by threat actors, some on a daily basis. If your source is incapable of checking for the latest threats on a global scale, then you’re only seeing a small portion of the overall picture.
When choosing a source for your threat intelligence needs, it’s essential that you consider the extent to which it monitors malicious behaviors.
The main goal when companies decide to use a set of threat intelligence tools is to make sure that they stay abreast of the latest threats. That is why, as a provider, you may want to assess the freshness of the data you get from your own sources. If your service is getting old data, then some of the threat indicators on it may no longer be relevant to your users’ needs.
Finally, the threat data your solutions offer has to be unique. You want to make sure that you are giving your users new insights into what they can expect these days and even in the future. It’s possible to identify overlaps between what you already possess and the data from a new source. This will tell you if the source you wish to add is indeed valuable for you and your clients.
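The freshness and overlap checks described above can be scripted before a new source is adopted. The following is an added example, not code from this article or from any vendor; the feed format (indicator plus last-seen timestamp), the 30-day freshness window, and all sample domains are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit


def normalize(indicator):
    """Reduce a domain or URL indicator (possibly defanged) to a bare hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in s:
        s = "//" + s                       # make urlsplit parse it as a host
    try:
        host = urlsplit(s).hostname or ""
    except ValueError:                     # malformed entry: ignore it
        return ""
    return host.rstrip(".")                # drop the trailing root dot


def evaluate_feed(existing, candidate, now, max_age_days=30):
    """Score a candidate feed of (indicator, last_seen) pairs against held data."""
    held = {normalize(i) for i in existing} - {""}
    newest = {}                            # hostname -> most recent sighting
    for indicator, last_seen in candidate:
        host = normalize(indicator)
        if host and (host not in newest or last_seen > newest[host]):
            newest[host] = last_seen
    cutoff = now - timedelta(days=max_age_days)
    fresh = {h for h, seen in newest.items() if seen >= cutoff}
    unique = set(newest) - held
    total = len(newest) or 1               # avoid dividing by zero on empty feeds
    return {
        "total": len(newest),
        "overlap_ratio": len(set(newest) & held) / total,
        "stale_ratio": (len(newest) - len(fresh)) / total,
        "actionable": sorted(unique & fresh),  # new to us and still recent
    }


# Constructed sample data (reserved .example names, invented timestamps).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
EXISTING = ["alpha.example", "Bravo.Example."]
CANDIDATE = [
    ("hxxp://alpha[.]example/login", NOW - timedelta(days=2)),
    ("charlie.example", NOW - timedelta(days=3)),
    ("delta.example", NOW - timedelta(days=90)),
    ("CHARLIE.example.", NOW - timedelta(days=200)),
    ("bravo.example", NOW - timedelta(days=45)),
]

if __name__ == "__main__":
    print(evaluate_feed(EXISTING, CANDIDATE, NOW))
```

A high overlap ratio or stale ratio means the candidate source adds little; the `actionable` list is what it would contribute that is both new and recent.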
Domain Names as a Source of Threat Intelligence Data
Today’s threat actors establish their own IT infrastructure to launch attacks more effectively. To reach targets wherever they may be in the world, cyber attackers register domains for various malicious sites and backups in case some of these get flagged and consequently blocked.
This domain registration process leaves a mark, which WHOIS information vendors like Domain Name Stat can capture and report to you in the form of an API or WHOIS database.
As a source of threat intelligence, WHOIS offers quality data, including the registrant’s contact information and address, the registrar, and more, on millions of domains across thousands of TLDs on a global scale. This means that you can acquire information even on domains that use ccTLDs such as .uk, .fr, .cn, .us, and others. This capacity is especially useful in identifying threats that originate from and target users in specific countries.
What’s more, you can obtain more in-depth background information on all the sites and devices accessing your network and add malicious domains to your blacklist. That way, even if the attacker uses a different email address or name when sending spam, for instance, and one of your company’s employees is baited to click a link on it, as long as that leads to a domain you are already blocking, no harm will be done to your business.
Numerous businesses and enterprises are now relying on threat intelligence solutions and services to keep their assets safe from threat actors. However, providers will have to step up by using legitimate sources for their threat data in order to remain competitive.
WHOIS Database Download and API Access let users do just that: improve a company’s threat intelligence for better threat protection and risk mitigation.