Transcript for:
Overview of MISP Threat Intelligence

MISP is a very powerful open-source threat intel sharing platform. At its core, MISP allows an organization a structured way to store data about the threats it has experienced, like IPs, domains, and email addresses, and anything the organization has learned about those threats. The structured format means that the organization has a searchable history of threat events, and the platform automatically connects any historical data to new events entered into the system. It's like a search engine for the organization's threat events and a repository of what the organization has learned about those events and what they did about them. And that can make an organization much faster and smarter when dealing with new events. And while that ability alone makes MISP powerful, the structured nature of the database brings a significant additional benefit: the ability to combine your database with other organizations' MISP databases into a single, large, and searchable database. The MISP developers recognized that sharing info outside of the organization presents challenges and not all information should be shared with everyone. So they created the idea of sharing communities where you can choose what to share and how far that sharing goes. Sharing communities are groups of trusted partners or peers who experience the same types of threats. So threat intel can be highly relevant within a community. MISP also allows an organization to ingest threat intelligence from public data feeds or other trusted sources like the police and security researchers. So with all of this external threat intel coming in, an organization can augment their own event data with rich and high-quality threat intel that automatically connects to and enriches any new events in addition to the organization's own historical data. What can you do with all of this enriched threat intel data?
With an enriched database, your security teams and incident responders can get the information they need quickly and from a single source. And because it is structured, many security tools like SIEMs, firewalls, email filters, and other tools can ingest this data directly. And then you can set up automatic alerts or even configure your systems to automatically block threats that you or your community have identified. And this is the first step to automating your security responses. MISP can be a little difficult to explain because it is a very flexible tool that can be whatever the organization needs it to be: either a fully functioning automated tool to bolster your defenses, or a personal tool used by your security team to speed up investigations, or somewhere in between. However you use it, MISP can bring a new level of maturity, consistency, and efficiency to an organization's incident response.