{"id":5548,"date":"2020-09-19T09:23:52","date_gmt":"2020-09-19T16:23:52","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5548"},"modified":"2023-10-12T13:52:27","modified_gmt":"2023-10-12T20:52:27","slug":"the-value-of-multi-feed-threat-intelligence","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/","title":{"rendered":"The Value of Multi-Feed Threat Intelligence"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Threat intelligence is all about making sure you have the data to anticipate likely threat actors, understand the tactics, techniques, and procedures they might use, and recognize the indicators of compromise (IOCs) that identify them. The immediate goal is to prevent these attacks before they happen.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you cannot prevent an attack, it is then essential to identify attacks in progress, break the kill chain, and then shut them down. You must be able to rapidly identify which of your alerts represent a current and present danger and then move rapidly to mitigate them.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For enterprise cyber defenders, the volume of alerts received daily is massive. Many organizations see thousands to perhaps millions of security alerts in one day\u00b9<\/span><span style=\"font-weight: 400;\">. 
The SOC team and threat researchers must have the tools and time to triage those alerts and understand which are truly dangerous.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">How Many Sources of Threat Intelligence do You Need?<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">In mid-August, researchers from the Delft University of Technology in the Netherlands and the Hasso Plattner Institute at the University of Potsdam, Germany, presented at the 29th Usenix conference and symposium\u00b2<\/span><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In fairness and context, respectfully submitted, their data gathering appeared very limited. They included some vendors that were paid sources of threat intelligence (TI) content and interviews with 14 security professionals that used paid TI.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some of their conclusions\u00b3<\/span><span style=\"font-weight: 400;\"> include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Between open and paid TI sources, there was almost no overlap in indicators.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Between two paid TI vendors, there was a 1.3% &#8211; 13% overlap in indicators. In other words, 13% of vendor #1\u2019s indicators were in vendor #2\u2019s set. 1.3% of vendor #2\u2019s indicators were in vendor #1\u2019s set.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">When the researchers drilled down to the 22 threat actors for which both vendors had indicators, they found an average overlap of no more than 2.5% &#8211; 4.0% per group, depending on the type of indicator. 
Further, this overlap occurs primarily with a handful of actors.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Value is understood through the source, confidence, relevance, and actionability.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The point here is that most large enterprise and government entities need a wide variety of threat-informed intelligence to stay ahead of the threat actors. One source is not enough. We\u2019ll cover this again later in this blog and share how TIDE and Dossier, two components of Infoblox\u2019s security solution BloxOne Threat Defense, were designed for this.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Using Threat Intelligence in DNS to Detect and Block Malicious Activity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Using threat intelligence in DNS to detect and block malicious activity helps mitigate attacks right where they start &#8211; close to the endpoints. The distribution of threat intelligence to DNS can be done through response policy zones (RPZs).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition to using threat intelligence in DNS, analyzing the traffic in real time as the queries and responses move through the DNS servers helps detect advanced threats like data exfiltration, Domain Generation Algorithms (DGAs), and others.\u00a0 This approach complements internal threat intelligence and is best suited to address the rapid pace of threat actor activity.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Other Potential Use Cases for Threat Intelligence<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">There are several use cases that these researchers identified as drivers for acquiring threat intelligence data. The first three use cases are very central to SOC operations day-to-day. 
Some of the use cases cited by the European researchers about threat intelligence (TI) follow:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Network detection<\/b><span style=\"font-weight: 400;\"> includes all instances in which TI is used to reduce attacker dwell time in an automated fashion, including correlating TI to logs, ingesting it in a SIEM or IDS, or using it in host-based detection controls.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Situational awareness<\/b><span style=\"font-weight: 400;\"> is a crucial SOC use case. This is so the SOC analysts have a general understanding of their organization\u2019s threat environment and risk profile.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>SOC prioritization<\/b><span style=\"font-weight: 400;\"> is a more practical use of TI, e.g., to assess how critical alerts are or to direct threat hunting efforts. This way, resources \u2013 especially the attention of analysts \u2013 can be allocated toward the most relevant threats.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Informing business decisions<\/b><span style=\"font-weight: 400;\"> concerns the uses of TI to improve organizational decision-making. For example, a CISO used TI to evaluate the return on various options to invest in security controls. But some organizations use paid TI to assess the risks associated with a potential acquisition of international competitors, to gain a \u2018business decision advantage.\u2019\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Enrichment of an organization\u2019s threat intelligence<\/b><span style=\"font-weight: 400;\"> can help improve the organization\u2019s services and delivery. 
More specifically, those managed by SOC providers and government CERTs and TI teams to internal stakeholders.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Improving end-user awareness<\/b><span style=\"font-weight: 400;\"> is about using TI to educate the organization\u2019s broader employee population, e.g., security awareness based on reports about recent phishing campaigns.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Threat hunting<\/b><span style=\"font-weight: 400;\"> is an active investigation using TI. Threat hunting is the type of research that requires human creativity and is currently hard to automate. Combining TI and other data can generate insights for an analyst on where and how to search for attacker activity in systems and networks.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Informing security engineering<\/b><span style=\"font-weight: 400;\"> includes using TI to organize vulnerability management to maintain the organization\u2019s internal systems. It also provides for prioritizing developer tasks, e.g., on a customer-facing app, based on observed attacker tactics.\u00a0<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">The Moral of the Story<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Threat actors continue to increase and improve their capabilities daily. There is too much activity unfolding globally for any one organization to cover completely, let alone know about. Threat intelligence tries to report on the status of a global war with a multitude of regional skirmishes unfolding in real time. There is no single all-encompassing barometer with which to measure all of this. 
No one, save perhaps a few unnamed government agencies, has that comprehensive view of the data just yet.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Best practice today for large enterprise and government entities requires the aggregation and management of multiple sets of paid, open-source, and internally developed threat intelligence. Multiple sources of threat-informed intelligence must be at your security team\u2019s fingertips. That\u2019s how government intelligence services aggregate, analyze, and reduce data closer to actionable knowledge.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Infoblox Threat Intelligence can help you leverage data on hundreds of thousands of valuable indicators published daily from various sources, including in-house research, commercial sources, government agencies, educational institutions, etc. Your team can potentially reduce the time to remediation and gain improvements to their productivity and effectiveness. You can share curated threat intelligence in real time with your existing security systems, including next-generation firewalls, web proxies, SIEM, and SOAR platforms.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Infoblox Dossier helps you aggregate multiple threat intelligence sources in one dashboard and one powerful toolset. Infoblox Dossier potentially reduces the time for analysts to find what they need and increases their investigation accuracy by providing context for threat indicators. Infoblox Dossier enhances the coverage and may help you complete that one timely investigation to help your organization avoid a disaster.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The summary of the use cases for threat intelligence is quite compelling. We\u2019ll follow up on this with a white paper covering these in detail later this year. 
Stay tuned for more!<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn more about our threat intelligence products here:<\/span><\/p>\n<p><a href=\"https:\/\/www.infoblox.com\/products\/threat-intelligence\/\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/products\/threat-intelligence\/<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Review this solution note on Dossier: <\/span><a href=\"https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-solution-note-infoblox-dossier.pdf\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-solution-note-infoblox-dossier.pdf<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400;\">Review this video on Dossier for Faster Threat Investigation:<\/span><\/p>\n<p><a href=\"https:\/\/www.infoblox.com\/resources\/videos\/dossier-for-faster-threat-investigation\/\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/resources\/videos\/dossier-for-faster-threat-investigation\/<\/span><\/a><\/p>\n<p>If you want to know more, please reach out to us directly via <a href=\"https:\/\/info.infoblox.com\/contact-form\" target=\"_blank\" rel=\"noopener\">https:\/\/info.infoblox.com\/contact-form<\/a>.<\/p>\n<p>\u00b9<a href=\"https:\/\/www.imperva.com\/blog\/27-percent-of-it-professionals-receive-more-than-1-million-security-alerts-daily\/\">https:\/\/www.imperva.com\/blog\/27-percent-of-it-professionals-receive-more-than-1-million-security-alerts-daily\/<\/a><\/p>\n<p>\u00b2<a href=\"https:\/\/www.usenix.org\/system\/files\/sec20_slides_bouwman.pdf\">https:\/\/www.usenix.org\/system\/files\/sec20_slides_bouwman.pdf<\/a><\/p>\n<p>\u00b3<a href=\"https:\/\/www.usenix.org\/system\/files\/sec20-bouwman.pdf\">https:\/\/www.usenix.org\/system\/files\/sec20-bouwman.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat intelligence is all about making sure you have the data to anticipate likely threat 
actors, understand the tactics, techniques, and procedures they might use, and recognize the indicators of compromise (IOCs) that identify them. The immediate goal is to prevent these attacks before they happen.\u00a0 If you cannot prevent an attack, it is then [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":5551,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[32,189,40,374,367,368,369],"class_list":{"0":"post-5548","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-malware","9":"tag-cybersecurity","10":"tag-threat-intelligence","11":"tag-enterprises","12":"tag-government","13":"tag-federal","14":"tag-state-and-local","15":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The Value of Multi-Feed Threat Intelligence<\/title>\n<meta name=\"description\" content=\"Threat intelligence is all about making sure you have the data to anticipate likely threat actors, understand the tactics, techniques, and procedures they might use, and recognize the incidents of compromise (IOCs) that identify them. 
The immediate goal is to prevent these attacks before they happen.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Value of Multi-Feed Threat Intelligence\" \/>\n<meta property=\"og:description\" content=\"Threat intelligence is all about making sure you have the data to anticipate likely threat actors, understand the tactics, techniques, and procedures they might use, and recognize the incidents of compromise (IOCs) that identify them. The immediate goal is to prevent these attacks before they happen.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-19T16:23:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-12T20:52:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"523\" \/>\n\t<meta property=\"og:image:height\" content=\"359\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"The Value of Multi-Feed Threat Intelligence\",\"datePublished\":\"2020-09-19T16:23:52+00:00\",\"dateModified\":\"2023-10-12T20:52:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/\"},\"wordCount\":1228,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/keyboard-screen-2.png\",\"keywords\":[\"Malware\",\"Cybersecurity\",\"Threat Intelligence\",\"enterprises\",\"Government\",\"Federal\",\"state and local\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/\",\"name\":\"The Value of Multi-Feed Threat 
Intelligence\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/keyboard-screen-2.png\",\"datePublished\":\"2020-09-19T16:23:52+00:00\",\"dateModified\":\"2023-10-12T20:52:27+00:00\",\"description\":\"Threat intelligence is all about making sure you have the data to anticipate likely threat actors, understand the tactics, techniques, and procedures they might use, and recognize the incidents of compromise (IOCs) that identify them. The immediate goal is to prevent these attacks before they happen.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/keyboard-screen-2.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/keyboard-screen-2.png\",\"width\":523,\"height\":359},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/the-value-of-multi-feed-threat-intelligence\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,
\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"The Value of Multi-Feed Threat Intelligence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael 
Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The Value of Multi-Feed Threat Intelligence","description":"Threat intelligence is all about making sure you have the data to anticipate likely threat actors, understand the tactics, techniques, and procedures they might use, and recognize the incidents of compromise (IOCs) that identify them. 
The immediate goal is to prevent these attacks before they happen.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/","og_locale":"en_US","og_type":"article","og_title":"The Value of Multi-Feed Threat Intelligence","og_description":"Threat intelligence is all about making sure you have the data to anticipate likely threat actors, understand the tactics, techniques, and procedures they might use, and recognize the incidents of compromise (IOCs) that identify them. The immediate goal is to prevent these attacks before they happen.\u00a0","og_url":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/","og_site_name":"Infoblox Blog","article_published_time":"2020-09-19T16:23:52+00:00","article_modified_time":"2023-10-12T20:52:27+00:00","og_image":[{"width":523,"height":359,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","type":"image\/png"}],"author":"Michael Zuckerman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Michael Zuckerman","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/"},"author":{"name":"Michael Zuckerman","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4"},"headline":"The Value of Multi-Feed Threat Intelligence","datePublished":"2020-09-19T16:23:52+00:00","dateModified":"2023-10-12T20:52:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/"},"wordCount":1228,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","keywords":["Malware","Cybersecurity","Threat Intelligence","enterprises","Government","Federal","state and local"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/","url":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/","name":"The Value of Multi-Feed Threat Intelligence","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","datePublished":"2020-09-19T16:23:52+00:00","dateModified":"2023-10-12T20:52:27+00:00","description":"Threat intelligence is all about 
making sure you have the data to anticipate likely threat actors, understand the tactics, techniques, and procedures they might use, and recognize the incidents of compromise (IOCs) that identify them. The immediate goal is to prevent these attacks before they happen.\u00a0","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","width":523,"height":359},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/the-value-of-multi-feed-threat-intelligence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"The Value of Multi-Feed Threat 
Intelligence"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4","name":"Michael Zuckerman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","caption":"Michael Zuckerman"},"description":"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. 
Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.","url":"https:\/\/www.infoblox.com\/blog\/author\/michael-zuckerman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5548","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5548"}],"version-history":[{"count":6,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5548\/revisions"}],"predecessor-version":[{"id":9012,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5548\/revisions\/9012"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/5551"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5548"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5548"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5548"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}