FeedMeter: Smarter Cyber Threat Intelligence
A Research & Development Project on Enhancing Cyber Defense
Cyber Threat Intelligence
In today’s evolving cyber landscape, understanding the adversary through cyber threat intelligence (CTI) is essential for effective defense. However, managing CTI feeds remains a challenge due to the difficulty in assessing feed quality and the manual effort required to find, combine, and maintain relevant sources.
Our CTO, Dr. Markus Happe, and our Senior Cyber Security Engineers Pavlos Lamprakis and Rebecca Klauser co-authored a research paper together with Bernhard Tellenbach, Head of Cyber Security at armasuisse S+T; Ariane Trammell, Head of the Information Security Research Group at the ZHAW Zurich University of Applied Sciences and a valued collaboration partner in the Innosuisse project; Onur Veyisoglu, Senior Security Researcher at ZHAW; and Andreas Rüedlinger from Deimos AG. The paper describes a platform for the automated collection, normalization, aggregation, metadata enrichment, and rating of various Open Source Intelligence (OSINT) feeds.
The Challenges in Cyber Threat Intelligence Feeds
Cyber threat intelligence feeds provide essential information about cyber threats, including vulnerabilities, malware, and attacker profiles. However, manually handling multiple CTI feeds is labor-intensive, and assessing their quality is challenging. Security teams often struggle with:
- Feed Quality Assessment: Determining the reliability and relevance of different CTI feeds.
- Manual Upkeep: The effort required to continuously find, combine, and maintain various sources.
- Data Overload: Managing redundant or irrelevant data that can obscure critical threat information.
How FeedMeter Enhances Cyber Threat Intelligence
Enter FeedMeter, a platform designed to simplify the management of cyber threat intelligence feeds. FeedMeter collects, normalizes, and aggregates CTI feeds while continuously evaluating them using eight descriptive metrics that approximate feed quality. This approach reduces the need for manual upkeep, allowing security teams to focus on actionable insights.
Proven Impact on Cyber Threat Intelligence
Tested over four years with more than 150 OSINT sources, FeedMeter has proven its value in enhancing cyber threat intelligence. Its metrics are promising indicators of feed quality. A comparison with a leading commercial feed further supports the platform's ability to improve the effectiveness of CTI for the cybersecurity community.
Challenges in Managing Cyber Threat Intelligence Feeds
CTI feeds provide essential information about cyber threats, including vulnerabilities, malware, and attacker profiles. However, manually handling multiple CTI feeds is labor-intensive, and assessing their quality is challenging. FeedMeter addresses these issues through several key functionalities:
Key Functionalities of FeedMeter in CTI
- Collection and normalization: It gathers threat intelligence from various sources, standardizes the data, and integrates it into a unified system for easier analysis.
- Aggregation: FeedMeter consolidates multiple CTI feeds, reducing redundancy and offering a more accurate and comprehensive view of current threats.
- Quality monitoring: The platform continuously evaluates feed quality based on eight metrics such as accuracy, timeliness, and relevance, providing security teams with reliable data assessments.
- Reducing manual effort: FeedMeter saves security professionals time and resources by automating tasks like monitoring and maintaining data feeds.
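To make the pipeline described above concrete, here is an added illustration (not FeedMeter's code) that normalizes two constructed feed snippets in different formats into one record schema, aggregates them on indicator identity, and computes per-feed descriptive metrics. The metric definitions (volume, overlap, uniqueness, mean indicator age as a timeliness proxy) and the feed contents are assumptions for this example; the paper's eight metrics are not defined on this page.

```python
import csv, io, json
from datetime import datetime, timezone

# Constructed sample feeds (documentation-range addresses, not real indicators).
FEED_A_CSV = """indicator,type,first_seen
198.51.100.7,ip,2024-10-01T08:00:00Z
example-bad.test,domain,2024-10-03T12:00:00Z
"""
FEED_B_JSON = json.dumps([
    {"value": "198.51.100.7", "kind": "ipv4", "ts": "2024-10-02T09:30:00Z"},
    {"value": "203.0.113.9", "kind": "ipv4", "ts": "2024-10-08T00:00:00Z"},
])
TYPE_MAP = {"ip": "ipv4", "ipv4": "ipv4", "domain": "domain"}  # assumed vocabulary
NOW = datetime(2024, 10, 9, tzinfo=timezone.utc)  # fixed clock for reproducibility

def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def normalize(text, feed, fmt):
    """Map a feed's native schema onto the common (feed, indicator, type, first_seen) record."""
    rows = csv.DictReader(io.StringIO(text)) if fmt == "csv" else json.loads(text)
    val, typ, ts = ("indicator", "type", "first_seen") if fmt == "csv" else ("value", "kind", "ts")
    return [{"feed": feed, "indicator": r[val].strip().lower(),
             "type": TYPE_MAP[r[typ]], "first_seen": parse_ts(r[ts])} for r in rows]

def aggregate(records):
    """Merge on (type, indicator): keep the earliest sighting and every contributing feed."""
    merged = {}
    for r in records:
        m = merged.setdefault((r["type"], r["indicator"]),
                              {"first_seen": r["first_seen"], "feeds": set()})
        m["first_seen"] = min(m["first_seen"], r["first_seen"])
        m["feeds"].add(r["feed"])
    return merged

def feed_metrics(records, merged, feed, now=NOW):
    """Assumed descriptive metrics for one feed, derived from the aggregated view."""
    own = [r for r in records if r["feed"] == feed]
    shared = sum(1 for r in own if len(merged[(r["type"], r["indicator"])]["feeds"]) > 1)
    ages = [(now - r["first_seen"]).total_seconds() / 86400 for r in own]
    return {"volume": len(own), "overlap": shared / len(own),
            "uniqueness": 1 - shared / len(own), "mean_age_days": sum(ages) / len(ages)}

def run():
    records = normalize(FEED_A_CSV, "A", "csv") + normalize(FEED_B_JSON, "B", "json")
    merged = aggregate(records)
    return merged, {f: feed_metrics(records, merged, f) for f in ("A", "B")}
```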
Conclusion
FeedMeter significantly reduces the workload for security teams while delivering valuable insights into threat data quality. It has proven to be a valuable tool for improving CTI feed efficiency and effectiveness, even outperforming some commercial solutions in reducing manual efforts.
The previously mentioned comparison between FeedMeter and a popular commercial CTI feed further validated FeedMeter’s utility and efficiency, as it matched the commercial solution in terms of feed quality while outperforming it in certain areas, particularly in reducing manual workloads. FeedMeter provides security teams with critical support in maximizing the value of available threat data and enhancing the efficiency of their cyber defense strategies.
The Exeon authors are grateful for this successful research work and its outcomes, and invite you to read the full publication here.
Author:
Dr. Markus Happe
CTO
email:
markus.happe@exeon.com
Published on:
09.10.2024