In a previous post I discussed a broader, more general standard for sharing information about Cyber Threat Intelligence (CTI). Collaboration is what keeps the world moving forward, allowing great minds to work together to continue pushing research and development further. Becoming a participant takes work; however, what if you want to contribute but simply cannot at that level?
If you’re a WatchGuard Firebox customer, there is a way! In the Global Settings options on the Firebox, there is an option to opt in to share device feedback. This is simple and optional, yet it is a crucial change that can help better track malware and network attack trends. In fact, on a quarterly basis WatchGuard Threat Lab uses this device feedback to release an Internet Security Report covering that quarter’s trends and activities, as well as a few tips and pointers for best practices. Additionally, if you’re more of a visual person, WatchGuard offers a Threat Landscape page that allows you to select timeframes and visualize worldwide statistics using the same data!
Should there be any concerns about exposing sensitive or business data, fear not. The information provided is strictly statistical and is thoroughly covered within this document.
If you’re not a WatchGuard user (yet!), the Threat Landscape and quarterly Internet Security Reports are still available to you. As a network or system administrator, it is beneficial to stay on top of ongoing trends and to know what to look out for. The quarterly reports are packed with statistical information for that quarter, going back to Q4 of 2016, highlighting malware and network attacks regionally. They also break down prevalent attacks at a high level, allowing for a fair understanding of how each attack works. If you’re more interested in just the statistics, you can pick and choose dates on the Threat Landscape page and visualize attack statistics for the whole world.
Combined with periodically (unless there is a designated network auditor) auditing network logs and formulating a network baseline, the aforementioned features can help companies better understand what type of traffic to expect on their network. With alerts available for just about any network-related action, knowing how to distinguish between them will be that much simpler. This is especially important for high-target companies that are more prone to being attacked, whether by an external or internal threat actor.
– Emil Hozan