Inside the Microsoft team tracking the world's most dangerous hackers
Patrick O’Neill did a nice job explaining why Microsoft, as an organization, does threat intelligence so well. Yes, it has piles of money and legions of smart people to throw at this problem, but Microsoft’s biggest leg up over everyone else is the massive data flow its ubiquity enables. This means its Threat Intelligence Center sees things no one else does, and has the context to identify malicious activity that — even given the same raw data — no one else would know to flag. Those looking to step into the cybersecurity realm, even if just to beef up their home network, should take note.
You may also find these resources useful:
- Maturing A Threat Intelligence Program - ThreatConnect explains the five maturity levels of cybersecurity programs, and offers helpful advice for getting better at each stage.
- You’ve Got 99 Problems And A Budget’s One - I hate the presentation, but Rebekah Brown’s advice is sound.
- No Budget Threat Intelligence - Andrew Morris turned a good talk into a great writeup on no-budget threat intelligence that everyone should read.
- What’s The Point of Threat Intel in ES? - For those with a large budget to burn, Splunk does a lot of work to streamline this process. Even for those without Splunk, this post and its second part, Adding Local Intel to Enterprise Security, outline some good techniques for getting started.