Threat Libraries

A threat library is exactly what it sounds like: a place to store the threats your organization has encountered, or that relate to it and could have an impact on it. It holds threat event details, attributes, the chronology of events, related files, affected software, and so on. An organization needs to keep this record so that when a similar incident occurs in future, the old incidents can be used to learn from and to mitigate the new event effectively. It also lets the organization assess the threat types and trends observed historically, which in turn helps security teams understand which areas need the most attention.

The whole idea of creating a threat library is to keep a record of threats. These historical records help in several ways, some of which are as follows:

  • Having a record of the kinds of vulnerabilities that have existed in the organization helps security teams understand which kinds of threats the organization is most exposed to. They can then focus on building, revising and monitoring controls in those areas more rigorously.

  • It provides a trend of vulnerabilities for the organization. For example, suppose a lot of changes were needed across the organization's software when the SSL vulnerabilities were released. That shows that any newly released vulnerability in the SSL (secure browsing) category will have a large impact on the organization's IT infrastructure, and the team can prepare for that class of issue in advance.

  • If an intrusion attempt was recorded with ample detail, it helps security experts retrace the attacker's entry points as well as what other attempts he or she might have made.

  • Understanding the sophistication of an attack also tells us whether the security measures set up in the organization are good enough.

How to Create One?

Creating a threat library can be as simple as a file share folder with restricted access (not advisable where shares are widely used, since one misconfigured ACL exposes every incident record) or as involved as a dedicated machine hosting an application that organizes all the data and files. Whatever the form, a threat library setup should have the following characteristics:

  1. Records/data should be easy to organize, search and retrieve, i.e. well-structured and indexed data.

  2. Strong authentication and authorization, with access to the information restricted to the people who need it.

  3. File integrity checks, with files stored in encrypted form at rest so that a tampered or leaked record can be detected or contained.

  4. The ability to update records while preserving earlier versions, so the history of an incident remains auditable.

  5. Easily accessible to the people who respond to incidents.

Any number of software packages can be used for this. Some examples are Bugzilla, GitLab, SFTP/FTPS servers, and any kind of media hosting framework that provides the characteristics listed above. Plain FTP should be avoided: it sends credentials and file contents in the clear, which defeats the authentication and encryption requirements.
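To make the characteristics above concrete, here is an added example (not code from the original post or from any of the tools named above) of a minimal threat library in Python: structured records, an index for search, append-only versioning for updates, and a keyed hash (HMAC-SHA256) over each record and a SHA-256 digest of each attached file for integrity checks. The sample records, the asset names and the integrity key are constructed for illustration; a real deployment would keep the key in a secrets manager and add encryption at rest, which this example leaves out.

```python
"""Minimal threat library: structured, indexed, versioned, tamper-evident records.

Added example using only the standard library. Sample data is constructed, not real.
"""
import hashlib
import hmac
import json
from collections import Counter
from datetime import datetime, timezone

# Assumption: a real deployment keeps this key in a secrets manager or HSM, not in code.
INTEGRITY_KEY = b"demo-integrity-key-replace-me"


def canonical(record: dict) -> bytes:
    """Deterministic serialization so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_mac(record: dict) -> str:
    """Keyed hash over the record; without the key a silent edit cannot be re-signed."""
    return hmac.new(INTEGRITY_KEY, canonical(record), hashlib.sha256).hexdigest()


class ThreatLibrary:
    """Append-only store: every update adds a new version, old versions stay auditable."""

    def __init__(self):
        self.versions = {}                          # record id -> [entry, ...], oldest first
        self.index = {"category": {}, "asset": {}}  # field -> value -> set of record ids

    def _reindex(self, rec_id: str, record: dict) -> None:
        self.index["category"].setdefault(record["category"], set()).add(rec_id)
        for asset in record["assets"]:
            self.index["asset"].setdefault(asset, set()).add(rec_id)

    def add(self, rec_id, category, title, assets, observed, notes=""):
        record = {"id": rec_id, "category": category, "title": title,
                  "assets": sorted(assets), "observed": observed, "notes": notes,
                  "attachments": [], "version": 1}
        self.versions[rec_id] = [{"record": record, "mac": record_mac(record)}]
        self._reindex(rec_id, record)
        return record

    def update(self, rec_id, **changes):
        """Revise a record by appending a new signed version, never by editing in place."""
        current = self.versions[rec_id][-1]["record"]
        record = {**current, **changes, "version": current["version"] + 1,
                  "updated": datetime.now(timezone.utc).isoformat()}
        self.versions[rec_id].append({"record": record, "mac": record_mac(record)})
        self._reindex(rec_id, record)
        return record

    def attach(self, rec_id, filename, data: bytes) -> str:
        """Store a digest of a related file so a later copy can be checked against it."""
        digest = hashlib.sha256(data).hexdigest()
        attachments = self.latest(rec_id)["attachments"] + [{"name": filename, "sha256": digest}]
        self.update(rec_id, attachments=attachments)
        return digest

    def latest(self, rec_id) -> dict:
        return self.versions[rec_id][-1]["record"]

    def verify(self, rec_id) -> bool:
        """True only if every stored version of the record still matches its MAC."""
        return all(hmac.compare_digest(e["mac"], record_mac(e["record"]))
                   for e in self.versions[rec_id])

    def search(self, category=None, asset=None) -> list:
        """Indexed lookup: intersect the id sets for each requested field."""
        hits = set(self.versions)
        if category is not None:
            hits &= self.index["category"].get(category, set())
        if asset is not None:
            hits &= self.index["asset"].get(asset, set())
        return sorted(hits)

    def trend(self, field="category") -> Counter:
        """Count latest versions by a field: which threat types recur most often?"""
        return Counter(self.latest(r)[field] for r in self.versions)


def build_sample_library() -> ThreatLibrary:
    """Constructed sample records for a hypothetical organization, not real incidents."""
    lib = ThreatLibrary()
    lib.add("T-001", "SSL/TLS", "Heartbleed patching", ["web-proxy", "vpn-gw"], "2014-04")
    lib.add("T-002", "SSL/TLS", "POODLE: disable SSLv3", ["web-proxy", "mail-gw"], "2014-10")
    lib.add("T-003", "phishing", "Credential phishing wave", ["mail-gw"], "2015-02")
    lib.add("T-004", "SSL/TLS", "DROWN: SSLv2 exposure", ["mail-gw"], "2016-03")
    lib.update("T-003", notes="Entry point: spoofed HR mail; three users clicked the link")
    lib.attach("T-003", "sample.eml", b"From: hr@example.invalid\r\nSubject: Payroll\r\n")
    return lib


if __name__ == "__main__":
    lib = build_sample_library()
    print(lib.trend())                                       # SSL/TLS dominates: a focus area
    print(lib.search(category="SSL/TLS", asset="mail-gw"))   # ['T-002', 'T-004']
    print(lib.verify("T-003"))                               # True
    lib.versions["T-001"][0]["record"]["notes"] = "tampered" # simulate a silent edit
    print(lib.verify("T-001"))                               # False: integrity check catches it
```

The trend query answers the second bullet above (which category keeps coming back), the search answers the first (which assets keep being hit), and the version chain plus MAC gives the retrace and integrity properties the library needs. The example deliberately stores only a digest of attached files rather than their contents; the files themselves belong in encrypted storage behind the same access controls as the records.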

Let me know what you think about my write-up in the comments below. Please refer to the URL below for more; it's a great article.

Reference: https://www.threatq.com/threat-library/
