Getting the most from the SANS Internet Storm Center

One of my favorite things about working in the InfoSec space is the amount of collaboration that exists across the industry. While Barracuda and other cybersecurity companies compete fiercely for market share, they all have a shared goal of improving everyone’s resiliency and security in the face of a very complex and fast-evolving threat landscape.

So, most cybersecurity companies make an effort to adopt and follow shared best practices, standards, and protocols to enable data sharing and at least some interoperability among different products and solutions.

In addition to this, there are a number of nonprofit organizations dedicated to collecting and publicly sharing threat data, along with many other programs to help users improve security.

SANS Institute

One of the most important and useful of these organizations is the SANS Institute. Its core mission is to recruit, train, and certify cybersecurity professionals, but it also runs a number of other programs that provide a wide range of very useful resources and tools.

One of these is the SANS Internet Storm Center (ISC), created in 2001. ISC has several functions:

• Threat data collection. Participants around the globe voluntarily share threat incident data in the form of logs from their security solutions or from an easy-to-install honeypot designed specifically for this purpose. Anyone is welcome to contribute, including organizations of all sizes, as well as individual home users. General information on how to participate can be found here.
• Threat data sharing. The ISC makes the collected threat data available to the public in real time via their website and a variety of tools available to members and contributors. Data is provided in the form of highly informative graphs and charts that break down global threat activity by geography, ports probed or attacked, type of attack, and much more.
• Threat data analysis. The ISC is staffed by about 40 volunteer “handlers” who analyze the incoming threat data using an ever-evolving set of tools. These handlers post daily “diaries” to the ISC homepage highlighting items of interest — including new threats, emerging trends, and security industry developments — along with daily summary podcasts.

In addition to these functions, the ISC website provides an ever-growing list of links to useful resources to help you access a vast amount of information on the state of the cyber threat landscape.

Join the project

To learn more about the history of the Internet Storm Center, how to contribute, how to use the data it provides, and much more, there is a highly informative webcast that you can watch after creating a SANS account.

By creating a global community of users and organizations that voluntarily contribute security log data, administered on a volunteer basis by highly trained professional analysts, SANS ISC provides an invaluable service that exemplifies the spirit of collaboration and shared purpose that defines the cybersecurity industry as a whole.