So you may be interested in a career in cyber threat intelligence because data collection and analysis have been your wheelhouse in the past. But it’s a good idea to survey the landscape and see what’s out there before you spend money on getting certified or gaining college credit on the subject.
7 Cyber Threat Intelligence Platforms to Check Out
You have probably heard of MITRE and have an idea of how to nose around their databases, but it’s good to also broaden your horizons. Here are some sites and tools that allow you to do just that in advance of jumping in.
1. Pulsedive
Pulsedive is a free web-based threat intelligence platform that will analyze IP addresses, domain names, mail servers and URLs for indicators of compromise. It has other features as well, but the novice can simply plug in an IP address and watch it go to work.
2. AlienVault or OTX
AlienVault or OTX is another free web-based platform that uses a bulletin board style to give you information on such things as reported web scanners detected on networks, phishing domains and URLs, and current malware updates.
3. Yeti and MISP
Yeti and MISP are lumped together because both are open source platforms that government agencies and first responders rely on. The information sharing interface is impressive; however, neither of them seems to work on Windows, and they must be built on Linux or macOS or on a virtual machine. They are not for the beginner, but they are impressive when the user understands their capabilities.
4. CrowdSec Console
CrowdSec Console bills itself as the largest crowdsourced cyber threat intelligence provider of up-to-date information. It has a free community membership that should be very informative for the beginner.
5. Google Docs APT Database
Google Docs APT Database may be my favorite threat actor database, simply because it is free, very well maintained and has loads of information about actors. It integrates MITRE ATT&CK codes into the information. I am not sure specifically whom to thank for this sterling website, but they are very valuable to the industry.
6. HoneyDB
Honeypots are just what they sound like: traps to get someone to exploit a vulnerability on a system... except there is not really a vulnerability, and the victim instead leaves a large footprint to be traced. HoneyDB is very easy to navigate and up to date, and while it might be a bit complicated for a novice to understand, it is still very eye-opening as to the sheer volume of honeypots that are out there.
7. Vendor Sponsored Platforms and Tools
Threat intelligence is a big business, and the industry wants to make sure the customer knows how great its products are. Thus, vendors put out a snippet of what they can do, free to the public. Many times the information is surprisingly detailed and analyzed. Some examples are products by Cisco, Kaspersky, Sophos, and Amazon.
These are just a fraction of what is out there but should give you enough to explore. Cybersecurity is a big tent ranging from forensics to ethical hacking to disinformation and intelligence. Looking at the sites provided might make your career decision easier.