Threat Intelligence Alliance
Introduction
The world is becoming increasingly connected to the hostile network environment that is the Internet. Networks are expanding, bandwidth is increasing, and software applications are utilising cloud technologies to enhance the user experience. All of this activity exposes our information assets to a veritable cornucopia of threats.
The Threat Intelligence Alliance was developed to address the increasing challenges of an inter-connected society. As part of this initiative, earthwave has created infrastructure to enhance its security monitoring capabilities by developing tools and techniques to identify emerging threats.
As a managed and in-cloud security service provider, earthwave is in a unique position to offer visibility and insight into emerging activity and threats. After all, if actionable cyber intelligence shows you what to look for, then it's much easier to detect and respond to it. This includes detection of anomalous activity such as virus infection, drive-by downloads, worm propagation, deliberate misuse of resources, and large-scale attacks including distributed denial of service. earthwave conducts considerable private research utilising advanced correlation technology, monitoring thousands of devices around the world on a 24x7x365 basis. Sensors are deployed in ISP core infrastructure, governments, large enterprises, and SMB environments.
Objective
earthwave believes that any progression in security requires proactivity. In order to achieve this, the industry needs to focus on predicting threats and trends before they emerge. Research combined with effective synergies is critical to combating growing cyberthreats.
The primary objective of the Threat Intelligence Alliance programme is to gather and analyse traffic involved in cyber-attacks for the purpose of detecting and preventing malicious activity.
Our other main objectives include:
- Developing techniques for the automatic identification of attacks
- Collecting information on attacks to examine trends, build security models, and support security research efforts
- Communicating threat intelligence to appropriate government and regulatory authorities
Benefits
As a result of the alliance, organisations are able to make effective use of actionable intelligence to neutralise attacks and:
- Detect known and unknown threats within your organisation
- Gain an early warning system for cyber-attack detection
- Enhance existing data feeds to identify prevalent threat sources
- Increase the coverage and visibility of existing data feeds through information exchange
- Decrease the time to incident detection and minimise exposure by thwarting attacks as they occur
- Increase awareness of malicious activity
- Obtain an effective source of malicious data for further security analysis
- Contribute value-added intelligence to our community
Participation
earthwave has established over 50 key partners with whom data is shared under the Threat Intelligence Alliance, including participants from the commercial, government, and academic sectors. As the programme is designed to be a community-based effort, we expect eligible participants to contribute their own data feeds for mutual benefit.
If you would like to engage earthwave to build a relationship for information exchange, please refer to the contact details below.
Eligibility
To be eligible for participation in the Threat Intelligence Alliance, parties must provide data that is 40% unique relative to our existing established feeds. Unfortunately, we cannot accept data that has already been obtained from alternate sources.
earthwave extensively vets all participants to ensure their suitability and that their data meets the requirements for our feeds. Additionally, we require a signed non-disclosure agreement (NDA) before information is exchanged.
Collection Methods
earthwave records malicious activity observed from its own infrastructure, managed customer networks, and its in-house built technologies.
- Geographically dispersed honeypot sensors
- Low and high interaction honeyclients (sandboxes)
- Sinkholes
- Spamtraps
- Phishing content
- Web crawlers
- Open proxies
- IM/IRC/P2P malicious URL harvesting
- Botnet/Command & Control (C2) server and zombie monitoring
- Bogus AS routes
- Dark space monitoring
- Attacks observed on intrusion detection and prevention systems (IDS/IPS)
- Passive DNS analysis
- Publicly available feeds
Frequency
Data feeds are updated in real time by our collection technologies (sensors, sinkholes, spamtraps, etc.). Feeds are then processed, verified, and updated before being made available to authorised exchange partners on our designated collection point. Although earthwave receives feeds in real time, we update our exchange feeds for authorised partners only on a daily basis.
Format
Data feeds are available in multiple formats for authorised exchange partners to access. By default, feeds are available for HTTPS download in TXT and CSV format.
Depending on the partner's access and the feeds subscribed to, the data may include:
- Source IP (malicious & suspicious)
- Destination domain (malicious)
- Destination URLs (malicious)
- Time detected
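The following is an added example, not earthwave's code and not the programme's actual feed layout: it shows how a partner might consume a CSV feed carrying the four field kinds listed above and match it against its own proxy and firewall logs. The column layout (indicator_type, indicator, time_detected), the indicator values and the log lines are all constructed for illustration; the real feed's schema is only known to authorised partners.

```python
import csv
import io
import ipaddress
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample feed. The column layout is an ASSUMPTION for this
# example; the page lists only the kinds of fields a feed may contain.
SAMPLE_FEED_CSV = """indicator_type,indicator,time_detected
source_ip,203.0.113.45,2024-05-01T03:14:07Z
source_ip,198.51.100.7,2024-05-01T04:02:19Z
domain,malware.example,2024-05-01T05:30:00Z
url,http://malware.example/payload/update.exe,2024-05-01T05:31:12Z
url,https://phish.example.net/login,2024-05-01T06:00:00Z
"""

# Constructed proxy log lines: timestamp, client IP, method, requested URL.
SAMPLE_PROXY_LOG = [
    "2024-05-02T10:00:01Z 10.0.0.12 GET http://malware.example/payload/update.exe",
    "2024-05-02T10:00:05Z 10.0.0.13 GET https://www.example.org/",
    "2024-05-02T10:01:00Z 10.0.0.14 GET https://PHISH.example.net/login#ref",
    "2024-05-02T10:02:00Z 10.0.0.15 GET http://cdn.malware.example/lib.js",
]

# Constructed firewall log lines: timestamp followed by key=value fields.
SAMPLE_FIREWALL_LOG = [
    "2024-05-02T10:00:03Z src=203.0.113.45 dst=10.0.0.20 action=deny",
    "2024-05-02T10:00:09Z src=192.0.2.8 dst=10.0.0.20 action=allow",
]


def normalise_url(url):
    """Lower-case scheme and host and drop the fragment so that trivially
    different spellings of the same URL still match the feed."""
    parts = urlsplit(url.strip())
    return parts._replace(scheme=parts.scheme.lower(),
                          netloc=parts.netloc.lower(),
                          fragment="").geturl()


def parse_feed(text):
    """Parse the CSV feed into sets of indicators keyed by indicator type.
    Malformed rows raise rather than silently becoming bad indicators."""
    indicators = {"source_ip": set(), "domain": set(), "url": set()}
    for row in csv.DictReader(io.StringIO(text)):
        kind = row["indicator_type"].strip()
        value = row["indicator"].strip()
        if kind not in indicators:
            raise ValueError(f"unknown indicator type: {kind}")
        if kind == "source_ip":
            ipaddress.ip_address(value)  # raises on anything that is not an IP
        elif kind == "domain":
            value = value.lower().rstrip(".")
        elif kind == "url":
            value = normalise_url(value)
        # Validate the detection timestamp format (assumed ISO 8601 UTC).
        datetime.strptime(row["time_detected"].strip(), "%Y-%m-%dT%H:%M:%SZ")
        indicators[kind].add(value)
    return indicators


def domain_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def match_proxy_log(lines, indicators):
    """Return (timestamp, client, indicator_type, indicator) for each hit."""
    hits = []
    for line in lines:
        ts, client, _method, url = line.split(" ", 3)
        norm = normalise_url(url)
        host = urlsplit(norm).hostname or ""
        if norm in indicators["url"]:
            hits.append((ts, client, "url", norm))
        elif domain_matches(host, indicators["domain"]):
            hits.append((ts, client, "domain", host))
    return hits


def match_firewall_log(lines, indicators):
    """Return (timestamp, src, 'source_ip', action) for flows from listed IPs."""
    hits = []
    for line in lines:
        ts, *kvs = line.split()
        fields = dict(kv.split("=", 1) for kv in kvs)
        if fields.get("src") in indicators["source_ip"]:
            hits.append((ts, fields["src"], "source_ip", fields.get("action")))
    return hits


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED_CSV)
    for hit in match_proxy_log(SAMPLE_PROXY_LOG, feed):
        print("proxy hit:", hit)
    for hit in match_firewall_log(SAMPLE_FIREWALL_LOG, feed):
        print("firewall hit:", hit)
```

The subdomain match in domain_matches is the point to think about when consuming a domain feed: a listed domain should also flag hosts beneath it, but an indicator such as a shared hosting or CDN domain would then flag every tenant, so feeds are best paired with the confidence or context a provider supplies rather than applied as a flat block list.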
Contact
For enquiries or involvement in the Threat Intelligence Alliance programme, please contact us at tia@earthwave.com.au.