COVID-19 EMERGENCY RESPONSE We stand with our partners, business customers, and especially our first and emergency responders on the front lines of this crisis. Read More

Blog

Context matters: turning data into threat intelligence

Author Image

Cradlepoint

Context matters: turning data into threat intelligence

Guest Post Written By Webroot

1949, 1971, 1979, 1981, 1983 and 1991.

Yes, these are numbers. You more than likely even recognize them as years. However, without context you wouldn’t immediately recognize them as years in which Sicily’s Mount Etna experienced major eruptions.

Data matters, but only if it’s paired with enough context to create meaning.

While today’s conversations about threat intelligence tend to throw a ton of impressive numbers and fancy stats out there, if the discussion isn’t informed by context, numbers become noise. Context is how Webroot takes the wealth of information it gathers—data from more than 67 million sources including crawlers, honeypots, as well as partner and customer endpoints—and turns it into actionable, contextual threat intelligence.

What defines contextual threat intelligence?

When determining a definition of contextual threat intelligence, it can be helpful to focus on what it is not. It’s not a simple list of threats that’s refreshed periodically. A list of known phishing sites may be updated daily or weekly, but given that we know the average lifespan of an in-use phishing site to be mere hours, there’s no guarantee such lists are up to date.

“Some threat intelligence providers pursue the low-hanging fruit of threat intelligence—the cheap and easy kind,” says Webroot Sr. Product Marketing Manager Holly Spiers. “They provide a list of IP addresses that have been deemed threats, but there’s no context as to why or when they were deemed a threat. You’re not getting the full story. “

Contextual threat intelligence is that full story. It provides not only a constantly updated feed of known threats, but also historical data and relationships between data objects for a fuller picture of the history of a threat based on the “internet neighborhood” in which it’s active.

Unfortunately, historical relationships are another aspect often missing from low-hanging threat intelligence sources. Since threat actors are constantly trying to evade detection, they may use a malicious URL for a period before letting it go dormant while its reputation cools down. But because it takes more effort to start from scratch, it’s likely the actor will return to it before too long.

“Our Threat Investigator tool, a visualization demo that illustrates the relationship between data objects, is able to show how an IP address’s status can change over a period of time, says Spiers. “Within six months, it may show signs of being a threat, and then go benign.”

What are the elements of context? Keep reading on the Webroot Blog.

NOTE: CP Secure Web Filter is powered by Webroot and available with Cradlepoint’s NetCloud Advanced Upgrades.

Back to Blog

You might be interested in

Does your agency have a continuity plan?

Does your agency have a continuity plan?

How to keep public safety and election operations running when emergencies arise Public sector agencies provide critical services and perform essential functions that citizens depend on every day as well as during emergencies. Continuity plans ensure that the essential functions of agencies stay operational if a natural or manmade emergency should occur. While it’s difficult […]

Security at the network edge is a year-round endeavor

Security at the network edge is a year-round endeavor

Cradlepoint offers security features that help protect branch, mobile & IoT networks Our first Cradlepoint Security Week has come and gone. We had some great conversations, learned a lot, and enjoyed sharing what we know about security at the network’s edge with you. When we planned this weeklong conversation about network and data security, we didn’t know how […]

Ransomware attacks on the rise means organizations require a crisis plan

Ransomware attacks on the rise means organizations require a crisis plan

State & local government agencies can follow IT best practices to create a cybersecurity crisis plan The term: “Everything is bigger in Texas” now includes randsomware attacks, according to a CPO magazine article publish on September 2, 2019. Over the Labor Day holiday weekend, 22 Texas municipalities were hit with ransomware attacks that crippled key city […]