(actionable not delayed #CTI)
-
(actionable not delayed #CTI)
sharing is caring
[ergo marketing CTI is not intelligence]
️
"Threat intelligence supply chain is full of weak links, researchers find"
..."The paper points out that threat intelligence is a big business, but that the quality of information available is not great because different stakeholders release different data.
They reached that conclusion after creating “benign yet suspicious binaries” and sharing them with 30 security vendors. The binaries included code that allowed the researchers to track how the vendors shared the packages.
That experiment revealed that 67 percent of infosec vendors conduct sandbox analysis of newly discovered malware, but only 17 percent share any threat intelligence they gather with that
️ technique. They also found that many researchers share indicators of compromise, but few share binaries that would let other researchers and defenders develop a better understanding of attacks."️
"Threat intelligence supply chain is full of weak links, researchers find"
https://www.theregister.com/2026/02/25/threat_intelligence_supply_chain_research/
️
"Actively Understanding the Dynamics and Risks of the Threat Intelligence Ecosystem"️
"By analyzing each stage of the propagation chain of submitted TI (submission, extraction, sharing, and disruption), we uncover an ecosystem where dissemination almost always leads to the disruption of threats, but vendors who selectively share the TI they extract limit the ecosystem's utility. Further, we find that attempts to curtail threats are often slowed by `bottleneck' vendors delaying the sharing of TI by hours to days."
https://www.ndss-symposium.org/ndss-paper/actively-understanding-the-dynamics-and-risks-of-the-threat-intelligence-ecosystem/ -
R relay@relay.infosec.exchange shared this topic
