FeedMeter: A Smarter Approach to Threat Intelligence

A Research & Development Project on Enhancing Cyber Defense

Cyber Threat Intelligence Blog by Dr. Markus Happe

In today’s evolving cyber landscape, understanding the adversary through cyber threat intelligence (CTI) is essential for effective defense. However, managing CTI feeds remains a challenge due to the difficulty in assessing feed quality and the manual effort required to find, combine, and maintain relevant sources.

Our CTO, Dr. Markus Happe, and our Senior Cyber Security Engineers Pavlos Lamprakis and Rebecca Klauser joined forces with Bernhard Tellenbach (co-author and Head of Cyber Security at armasuisse S+T), Ariane Trammell (Head of the Information Security Research Group at the ZHAW Zurich University of Applied Sciences and a valued collaboration partner at Innosuisse), Onur Veyisoglu (Senior Security Researcher at ZHAW), and Andreas Rüedlinger (Deimos AG) to write a research paper about a platform for the automated collection, normalization, aggregation, metadata enrichment, and rating of various Open Source Intelligence (OSINT) feeds.

Enter FeedMeter—a platform designed to simplify this process. FeedMeter collects, normalizes, and aggregates threat intelligence feeds while continuously evaluating them using eight descriptive metrics to approximate feed quality. This approach reduces the need for manual upkeep, allowing security teams to focus on actionable insights.

Tested over four years with more than 150 OSINT sources, FeedMeter has proven its value. Its metrics are promising indicators of feed quality. A comparison with a leading commercial feed further supports the platform's ability to enhance the effectiveness of CTI for the cybersecurity community.

CTI feeds provide essential information about cyber threats, including vulnerabilities, malware, and attacker profiles. However, manually handling multiple CTI feeds is labor-intensive, and assessing their quality is challenging. FeedMeter addresses these issues through several key functionalities:

  1. Collection and normalization: It gathers threat intelligence from various sources, standardizes the data, and integrates it into a unified system for easier analysis.
  2. Aggregation: FeedMeter consolidates multiple CTI feeds, reducing redundancy and offering a more accurate and comprehensive view of current threats.
  3. Quality monitoring: The platform continuously evaluates feed quality based on eight metrics such as accuracy, timeliness, and relevance, providing security teams with reliable data assessments.
  4. Reducing manual effort: FeedMeter saves security professionals time and resources by automating tasks like monitoring and maintaining data feeds.
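To make the first three functionalities concrete, here is an added example (not FeedMeter's code, and not the paper's metric definitions): two constructed feeds in different schemas are normalized into one record shape, merged so that duplicates across feeds are recognised, and then rated with a few descriptive per-feed metrics (volume, overlap with other feeds, how often a feed reported a shared indicator first, mean indicator age). The metric definitions, the sample indicators and the evaluation time `NOW` are all assumptions made for this example.

```python
import csv, io, json
from datetime import datetime, timezone
# Constructed sample feeds in two different schemas (RFC 5737 / RFC 2606 documentation values).
FEED_A_CSV = """indicator,type,first_seen
198.51.100.7,ip,2024-10-01T08:00:00Z
bad.example,domain,2024-10-05T12:00:00Z
203.0.113.9,ip,2024-09-01T00:00:00Z
"""
FEED_B_JSON = json.dumps([
    {"value": "198.51.100.7", "kind": "ipv4", "ts": "2024-10-03T00:00:00Z"},
    {"value": "BAD.EXAMPLE.", "kind": "fqdn", "ts": "2024-10-06T00:00:00Z"},
    {"value": "evil.example", "kind": "fqdn", "ts": "2024-10-07T00:00:00Z"},
])
TYPE_MAP = {"ip": "ip", "ipv4": "ip", "domain": "domain", "fqdn": "domain"}
NOW = datetime(2024, 10, 10, tzinfo=timezone.utc)  # constructed evaluation time

def normalize(feed, raw_type, value, ts):
    """Map one feed's own schema onto a common record: (feed, type, value, sighting time)."""
    value = value.strip().lower().rstrip(".")  # canonical form so cross-feed duplicates match
    seen = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return {"feed": feed, "type": TYPE_MAP[raw_type], "value": value, "seen": seen}

def collect():
    recs = [normalize("A", r["type"], r["indicator"], r["first_seen"]) for r in csv.DictReader(io.StringIO(FEED_A_CSV))]
    return recs + [normalize("B", r["kind"], r["value"], r["ts"]) for r in json.loads(FEED_B_JSON)]

def aggregate(records):
    """Merge duplicates across feeds, keeping every source and the earliest sighting."""
    merged = {}
    for r in records:
        m = merged.setdefault((r["type"], r["value"]), {"sources": set(), "first_seen": r["seen"]})
        m["sources"].add(r["feed"])
        m["first_seen"] = min(m["first_seen"], r["seen"])
    return merged

def feed_metrics(feed, records, merged, now=NOW):
    """Descriptive per-feed metrics; these definitions are assumed here, not FeedMeter's own."""
    mine = [r for r in records if r["feed"] == feed]
    shared = [r for r in mine if len(merged[(r["type"], r["value"])]["sources"]) > 1]
    lead = [r for r in shared if r["seen"] == merged[(r["type"], r["value"])]["first_seen"]]
    return {
        "volume": len(mine),
        "overlap": len(shared) / len(mine),  # share of indicators also carried by another feed
        "lead_rate": len(lead) / len(shared) if shared else 0.0,  # timeliness on shared indicators
        "mean_age_days": sum((now - r["seen"]).days for r in mine) / len(mine),
    }

def rate_feeds():
    recs = collect()
    merged = aggregate(recs)
    return {feed: feed_metrics(feed, recs, merged) for feed in ("A", "B")}
```

Feed A ends up with a lead rate of 1.0 because it reported both shared indicators before feed B, while B has the fresher indicators on average; a real rating would combine several such metrics over time rather than read any one of them in isolation.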

FeedMeter significantly reduces the workload for security teams while delivering valuable insights into threat data quality. It has proven to be a valuable tool for improving CTI feed efficiency and effectiveness, even outperforming some commercial solutions in reducing manual efforts.

The previously mentioned comparison between FeedMeter and a popular commercial CTI feed further validated FeedMeter’s utility and efficiency, as it matched the commercial solution in terms of feed quality while outperforming it in certain areas, particularly in reducing manual workloads. FeedMeter provides security teams with critical support in maximizing the value of available threat data and enhancing the efficiency of their cyber defense strategies.

The Exeon authors are grateful for this successful research work and its outcomes, and invite you to read the full publication here.

Author: Dr. Markus Happe, CTO

email: markus.happe@exeon.com

Published on: 09.10.2024