Introduction to MISP: A Threat Intelligence Platform
by Rahima Malik on Oct 12, 2021 12:00:00 AM
Cybersecurity attacks are more common than ever, and the trend is not reversing anytime soon. IT Governance recorded 20.1 billion data records reported lost or stolen in 2020, a 50% increase in breached records compared to 2019. Sharing threat information can help decrease the number of lost or stolen records year over year by giving cybersecurity researchers and vendors the tools to better identify and combat threats.
What is MISP?
MISP is a threat intelligence platform; the name stands for Malware Information Sharing Platform. It is free and open source, developed primarily by CIRCL together with other contributors.
The History of MISP
The idea originated at a malware analysis workshop in 2012. After a lot of independent work, the participants discovered that multiple groups had analyzed the same malware, duplicating effort that could have gone into investigating new or un-researched samples.
A lot of time had been wasted, and they concluded that there must be a better system to prevent this from happening again. That is where it all started.
They began to develop MISP, and a great deal of feedback and contribution went into it. The platform took its current shape after security researchers and law enforcement started to use it and fed their feedback back into its design. It grew over the years as more security experts from the industry adopted it, and all of this contributed to the MISP of today.
What is threat intelligence?
Threat intelligence is information that organizations can use to combat online security threats. It starts off as a large volume of unorganized data from many different sources; security professionals and data scientists then explore and analyze that data to turn it into actionable insights that support better and more informed decisions.
Essentially, it helps organizations get the most relevant and timely insights needed to understand, predict, and respond to cybersecurity threats.
Who uses MISP?
The users of MISP include malware reversers, intelligence analysts, law enforcement, as well as risk analysts and fraud analysts.
The communities using MISP to share data are diverse and include not only trusted organizations but also organizations in the financial sector (e.g. banks, ISACs, payment processing companies), military organizations (e.g. NATO), security vendors (e.g. Fidelis, OTX), and there are even some communities that are set up to tackle specific (or seasonal) issues (such as COVID-19 MISP).
4 Main Benefits of MISP:
1. Powerful, structured nature
MISP allows an organization to have a more powerful and structured way to store data about the threats it has experienced (such as IP addresses, domains, and email addresses that may be related to a threat) and any relevant information that the organization has learned about those threats. It can also combine its database with other MISP databases into a single large database.
2. Searchable history
The platform keeps a searchable history of threat events and automatically connects historical data to new events entered into the system. It is like a search engine for the organization's threat events and what it did about them, which can make an organization much faster and smarter when dealing with new events.
3. Sharing communities
The MISP developers recognized that sharing information outside of the organization presents challenges and that not all information should be shared with everyone, so they created the idea of sharing communities. This way, researchers can choose what to share and how far that sharing goes. A sharing community is a group of trusted partners or peers who experience the same types of threat, so threat intel can be very relevant within a community.
4. Ingest threat intelligence from a public threat feed
Another great benefit is that MISP also allows an organization to ingest threat intelligence from a public threat feed in which other trusted sources, such as the police and security researchers, also participate. With all of this valuable external threat information coming in, an organization can augment its event data with rich, high-quality threat intel that automatically connects to and enriches any new events, in addition to the organization's own historical data.
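As an added illustration (not code from the MISP project or from this post), the snippet below models in plain Python the three ideas described above: structured attributes, automatic correlation of a new event against historical events, and release of IDS-flagged values to partners according to MISP distribution levels. The event layout and level numbers follow MISP's JSON event format; the two sample events are constructed.

```python
import json

# MISP distribution levels as stored in the event/attribute "distribution" field.
ORG_ONLY, COMMUNITY, CONNECTED, ALL, SHARING_GROUP, INHERIT = 0, 1, 2, 3, 4, 5

# Constructed sample events in MISP's JSON layout (not real intelligence).
HISTORICAL = json.loads("""{"Event": {"id": "101", "distribution": 1,
  "info": "Phishing wave (constructed sample)", "Attribute": [
  {"type": "domain", "category": "Network activity", "value": "login.example.invalid", "to_ids": true},
  {"type": "ip-dst", "category": "Network activity", "value": "192.0.2.10", "to_ids": true},
  {"type": "email-src", "category": "Payload delivery", "value": "billing@example.invalid", "to_ids": false}]}}""")
NEW_EVENT = json.loads("""{"Event": {"id": "102", "distribution": 0,
  "info": "Outbound beaconing (constructed sample)", "Attribute": [
  {"type": "ip-dst", "category": "Network activity", "value": "192.0.2.10", "to_ids": true, "distribution": 5},
  {"type": "domain", "category": "Network activity", "value": "cdn.example.invalid", "to_ids": false}]}}""")


def index_attributes(events):
    """Map (type, value) to the ids of every event containing that attribute."""
    index = {}
    for ev in events:
        for attr in ev["Event"]["Attribute"]:
            index.setdefault((attr["type"], attr["value"]), set()).add(ev["Event"]["id"])
    return index


def correlate(new_event, history):
    """Return {value: {historical event ids}} for attribute values the new event shares
    with history; this is the automatic linking of new events to past ones."""
    index = index_attributes(history)
    hits = {}
    for attr in new_event["Event"]["Attribute"]:
        for other_id in index.get((attr["type"], attr["value"]), ()):
            hits.setdefault(attr["value"], set()).add(other_id)
    return hits


def effective_distribution(event, attr):
    """An attribute may override the event's distribution; level 5 means inherit."""
    level = attr.get("distribution", INHERIT)
    return event["Event"]["distribution"] if level == INHERIT else level


def ids_export(event, partner_level):
    """Values flagged to_ids that a partner at `partner_level` may receive. Higher levels
    share more widely, so a value is released only if its level >= partner_level;
    sharing-group (4) attributes need an explicit membership check and are held back."""
    out = []
    for attr in event["Event"]["Attribute"]:
        level = effective_distribution(event, attr)
        if attr["to_ids"] and level != SHARING_GROUP and level >= partner_level:
            out.append(attr["value"])
    return out
```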
MISP is not only a threat intelligence platform but also an important tool for furthering threat research, and it helps in the fight against cybersecurity attacks. Want to learn more about threats and how we can identify them? Watch our on-demand webinar on Advanced Threat Identification.