In addition to running its own honeypots and using user-submitted log data to detect attackers, ThreatSTOP aggregates and optimizes threat intelligence from a number of sources on the Internet, turning that information into enforceable policy lists which are uploaded into network firewalls.
The current sources for our threat intelligence include:
DShield.org / Internet Storm Center
DShield.org / Internet Storm Center (ISC) relies on an all-volunteer effort to detect problems, analyze threats, and disseminate both technical and procedural information to the general public. Thousands of sensors that work with most firewalls, intrusion detection systems, home broadband devices, and nearly all operating systems are constantly collecting information about unwanted traffic arriving from the Internet. These devices feed the DShield database, where human volunteers as well as machines pore through the data looking for abnormal trends and behavior. The resulting analysis is posted to the ISC's main web page, where it can be automatically retrieved or viewed in near real time by any Internet user. DShield is usually among the first to detect new network-based attacks on the Internet, as the seed systems scanning for the vulnerabilities rapidly rise to the top of the list of connections to closed ports.
ISC SIE is a trusted, private framework for information sharing in the Internet security field. Participants can operate real-time sensors that upload and/or inject live data to SIE, and other participants can subscribe to this data in real time, by query access, or by limited and anonymized download.
Participants are network operators (including ISPs, enterprise, academic, and research), law enforcement (internationally), security companies (including anti-virus, intrusion detection, etc.), and research (including academic, Internet do-gooder, government, and commercial). All access and use, either commercial or noncommercial, must be in the public interest.
The Shadowserver Foundation gathers intelligence on the darker side of the Internet. It is made up of volunteer security professionals from around the world, and its mission is to understand and help put a stop to high-stakes cybercrime in the information age.
PhishTank is a collaborative clearing house for data and information about phishing on the Internet.