Authors:
Andreas Rüedlinger
1
;
Rebecca Klauser
2
;
Pavlos Lamprakis
2
;
Markus Happe
2
;
Bernhard Tellenbach
3
;
Onur Veyisoglu
4
and
Ariane Trammell
4
Affiliations:
1
Deimos AG, Zurich, Switzerland
;
2
Exeon Analytics AG, Zurich, Switzerland
;
3
Armasuisse, Zurich, Switzerland
;
4
Zurich University of Applied Sciences ZHAW, Winterthur, Switzerland
Keyword(s):
Open Source Intelligence (OSINT), Cyber Threat Intelligence (CTI), Threat Feeds.
Abstract:
A sound understanding of the adversary in the form of cyber threat intelligence (CTI) is key to successful cyber defense. Various sources of CTI exist, however there is no state-of-the-art method to approximate feed quality in an automated and continuous way. In addition, finding, combining and maintaining relevant feeds is very laborious and impedes taking advantage of the full potential of existing feeds. We propose FeedMeter, a platform that collects, normalizes, and aggregates threat intelligence feeds and continuously monitors them using eight descriptive metrics that approximate the feed quality. The platform aims to reduce the workload of duplicated manual processing and maintenance tasks and shares valuable insights about threat intelligence feeds. Our evaluation of a FeedMeter prototype with more than 150 OSINT sources, conducted over four years, shows that the platform has a real benefit for the community and that the metrics are promising approximations of source quality.
A comparison with a prevalent commercial threat intelligence feed further strengthens this finding.
(More)