Wednesday, December 18, 2013

Upcoming tool - Cyber Threat Intelligence (Hook Analyser 3.0)


I strongly recommend keeping an eye out for the upcoming release of Hook Analyser 3.0, which will include a Cyber Threat Intelligence capability.

It will include a simple dashboard that presents the information in a form that is easy to interpret and understand.

On a side note, I have been working on another solution/project which analyses malware attacks and internet presence across industries and presents the results in an intuitive manner.

The solution will be shared at a later stage - just a heads-up!

Tuesday, October 22, 2013

Digital Attack Map - DDoS Attack

I thought I would share an interesting Google project, Digital Attack Map. It is a live data visualisation of active DDoS attacks around the globe, and one of the joint initiatives of Google Ideas and Arbor Networks.

I will let you explore the website to learn more about it. From the look of it (I am not sure whether the data can be exported, which would let enterprises combine it with their internal data sources), it appears to be quite useful from the following perspectives -

  1. It provides "close to real-time" information about active DDoS attacks across different geographies.
  2. Historic data/events can be leveraged to predict or produce actionable intelligence.

Here is the website - Digital Attack Map

Friday, October 4, 2013

Threat Intelligence - Cyber Attackers Threat Feed


I have been meaning to improve the ThreatIntel heat map for quite some time, and finally, on a Friday night, I made it happen.

The following image provides a "close to" real-time threat feed (refreshed every ~5 minutes) on cyber attackers, based on IP addresses and geo-locations. The time zone is GMT.

Here is the old one (if you'd like to see it), which I plan to change in the near future.

Wednesday, October 2, 2013

Cyber Threat Intelligence Framework - Sharing threat intelligence across industries


I'd like to share my thoughts on an approach/framework that would enable organisations to obtain threat intelligence from different industries.

As described in my previous post, there is a mechanism/approach an organisation can leverage to obtain threat intelligence from different data sources.

The idea is for an organisation to share certain feeds (which feeds to share is, again, a risk-based decision) with a centralised, external repository, the "Collaborative Threat Intelligence Platform (CTIP)", which not only receives similar data feeds from other organisations but also provides intel/information back to them.

The following is the framework an organisation may adopt to collaborate with other industries and achieve collaborative threat intelligence.
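To make the CTIP exchange concrete, here is an added example (my own illustration, not code from the blog or from Hook Analyser) of the round trip described above: each organisation decides per feed whether it is shareable, the platform records which members reported each indicator, and each member gets back the indicators other members have seen that it has not. The organisation names, sharing levels and all indicator values are constructed placeholders (documentation IP ranges and example domains), and the class and method names are hypothetical.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Hypothetical sharing levels standing in for the post's "risk based decision":
# an organisation only pushes feeds it has explicitly marked as shareable.
SHARE_NONE = "none"   # keep internal, never leaves the organisation
SHARE_CTIP = "ctip"   # may be submitted to the collaborative platform


@dataclass(frozen=True)
class Indicator:
    """One observable from an organisation's feed (type plus value)."""
    kind: str    # e.g. "ip", "domain", "sha256"
    value: str


@dataclass
class Feed:
    org: str
    sharing: str
    indicators: list[Indicator]


class CTIP:
    """Minimal Collaborative Threat Intelligence Platform (hypothetical).

    Receives feeds from member organisations, records which members reported
    each indicator, and hands enriched intel back to each member.
    """

    def __init__(self) -> None:
        # indicator -> set of organisations that reported it
        self.sightings: dict[Indicator, set[str]] = defaultdict(set)

    def submit(self, feed: Feed) -> int:
        """Accept a feed only if the contributor marked it shareable.
        Returns the number of indicators recorded (0 if the feed was rejected)."""
        if feed.sharing != SHARE_CTIP:
            return 0
        for ind in feed.indicators:
            self.sightings[ind].add(feed.org)
        return len(feed.indicators)

    def intel_for(self, org: str, min_reporters: int = 1) -> list[tuple[Indicator, int]]:
        """Intel returned to `org`: indicators that `org` has not reported itself but
        at least `min_reporters` other members have, ranked by how many independent
        members confirm each one."""
        out: list[tuple[Indicator, int]] = []
        for ind, orgs in self.sightings.items():
            if org in orgs:
                continue
            if len(orgs) >= min_reporters:
                out.append((ind, len(orgs)))
        out.sort(key=lambda t: (-t[1], t[0].kind, t[0].value))
        return out

    def corroborated(self, min_reporters: int = 2) -> list[Indicator]:
        """Indicators independently seen by several members: the cross-industry signal."""
        return sorted((i for i, o in self.sightings.items() if len(o) >= min_reporters),
                      key=lambda i: (i.kind, i.value))


def build_sample_platform() -> CTIP:
    """Constructed sample: three organisations from different industries submit feeds.
    All values are example/documentation ranges, not real IoCs."""
    ip_a = Indicator("ip", "192.0.2.10")
    ip_b = Indicator("ip", "198.51.100.7")
    dom_c = Indicator("domain", "malicious.example")
    dom_d = Indicator("domain", "c2.example.net")
    platform = CTIP()
    platform.submit(Feed("bank-1", SHARE_CTIP, [ip_a, dom_c]))
    platform.submit(Feed("retail-1", SHARE_CTIP, [ip_a, ip_b]))
    platform.submit(Feed("telco-1", SHARE_CTIP, [ip_a, dom_c, dom_d]))
    # Marked internal-only by the contributor, so the platform must drop it.
    platform.submit(Feed("bank-1", SHARE_NONE, [Indicator("sha256", "0" * 64)]))
    return platform


if __name__ == "__main__":
    p = build_sample_platform()
    for org in ("bank-1", "retail-1", "telco-1"):
        print(org, "receives:", [(i.kind, i.value, n) for i, n in p.intel_for(org)])
    print("corroborated by 2+ members:", [(i.kind, i.value) for i in p.corroborated()])
```

The reporter count attached to each returned indicator is what turns a one-off sighting into intelligence: an IP reported independently by a bank, a retailer and a telco is a stronger signal than any single feed, and a real platform would add source reliability, first/last-seen timestamps and a sharing marking (TLP or similar) to each record.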

Sunday, September 29, 2013

Cyber Threat Intelligence - Determining and connecting the "dots"

Hi all,

In this post, I'll focus on the Cyber Threat Intelligence "dots" and potential mechanisms for connecting them.

So, what are "the" dots for an organisation? -

Once we understand the dots, let's focus on potential mechanisms for connecting them -

Refer to the following figure, which shows how those dots could potentially connect.

Based on the above information, I have designed a UML diagram (including the correlations). I will continue to refine and update it over time.