Building Your IT Security News Pipeline

If you are responsible for securing a network, you should know that monitoring reliable IT security news is now critical to mitigating threats on your precious goods. Prioritizing that news landscape and rolling out a timely response is also critical to a solid recipe for security. While it is not realistic to expect security architects to have that kind of response time, if you are ignoring IT security news, you  might need those backups you have been diligently maintaining or worse.

Building a solid incoming information pipeline requires an analysis of the IT security news landscape.  The most fundamental elements of this landscape includes threat advisories & guidelines, updates to best-practices and standardization recommendations,  and changing legal requirements if they apply to your organizational assets.

Threat analysis reports and newly released Common Vulnerability Exposure details (CVEs) are critical secondary elements that relay more detailed information about vulnerabilities affecting specific software.  Depending on your organization’s assets, you may want to drill deeper into the news that relates specifically to your asset domain.   And finally, don’t forget to worship the Gurus and mentors who have gone before you down the path to IT security hardness.  The rest of this article is a sequence of categories and sources that you can use to build your own IT security  news pipeline.

Use General Tools Available

Because the amount of available information can be tedious to collect, let alone digest, automate some of it.  For example, Google Alerts offers keyword based real-time news update service that you can tailor to include the software, vendors, and services that your organization offers.  You can even optimize your alert keyword searches by Google Dorking.

Standards Organizations

Standards organizations form the backbone of any good IT security policy framework.  You don’t want your IT security strategy to rely on the rumor mills of Redit when it comes to properly securing a remote database connection for example.  Over the years of experience in IT I have build up deaf ears those who claim that simple security best practices are inconsequential.  Here is a list of the most important standards organizations and what they offer in terms of news updates with links and brief explainations.

SANS Institute

The Internet Storm Center

• A blog-style news feed, keyword search, daily podcast and some useful tools such as honeypot software, etc

Press: SANS in the News

• An overview picture of the industry of IT Security from global threat actors, recent large corporate exploits, and a global picture of cybercrime.

 SANS NewsBites Newsletter

• A semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week.

SANS Threat Analysis Rundown

• Monthly web-cast that outlines security News

National Institute of Standards and Technology (NIST)

NIST Issues IT industry guidelines and best practices more than daily IT security news, but without the standard industry guidelines and best practices, you don’t really have a solid ground to start from.  I don’t want to meet a security architect that has not read the full suite of SP and FIPS guidelines.  Often.

NIST Computer Security Resource Center

Information Technology Lab (ITL) bulletins are new advisories on best practices for topics such as cryptography, file-sharing, ICS, Email servers, virtualisation and cloud.  Aimed at the corporate and government infrastructure, NIST can give any SME network admin the guidance to properly hardening a network and any manager a good starting point for security policy frame-working.  NIST SP are fundamental and focused on in CompTIA Security+ certifications.

• Bulletins site: https://csrc.nist.gov/publications/itl-bulletin
• Publication Updates & Drafts (several per year) provide access to draft and final release of new NIST publications including:
  • FIPS Federal Information Processing Standards: Security standards. Learn more
  • SP NIST Special Publications Guidelines, technical specifications, recommendations and reference materials, comprising multiple sub-series:
    • SP 800 Computer security Learn more
    • SP 1800 Cybersecurity practice guides Learn more
    • SP 500 Information technology (relevant documents)
  • NISTIR NIST Internal or Interagency Reports Reports of research findings, including background information for FIPS and SPs.
  • ITL Bulletin NIST Information Technology Laboratory (ITL) Bulletins
    Monthly overviews of NIST’s security and privacy publications, programs and projects.

Mitre Common Vulnerability Exposure (CVE) / National Vulnerability Database (NVD)

The Mitre CVE and NIST NVD are synced, identical lists that provide vulnerability management data represented using the Security Content Automation Protocol (SCAP). Includes a database of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.  Both sites are keyword searchable and provide feeds in various formats.

• Data Feeds in various formats:
  • JSON Vulnerability Feed
  • RSS Vulnerability Feeds
  • Vulnerability Translation Feeds
  • Vulnerability Vendor Statements

Government Organizations

Cybersecurity and Infrastructure Security Agency (CISA)

• National Cyber Awareness System provides keyword search and sectional resources on the following categories:

• • Alerts and tips
  • Analysis reports
  • Current Activity
  • Security Bulletins
  • TIPS
  • Resources
• Cybersecurity and Infrastructure Security Agency (CISA) Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available. One summary issued per week dating back to 2004.

Canadian Centre for Cybersecurity

Although the Canadian Center for Cybersecurity is mentioned here, each country will have its own Cybersecurity advisory organization that releases important updates on the security landscape from a relative perspective on local activity.

Quoted from the site:

The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada’s national authority on cyber security and we lead the government’s response to cyber security events. As Canada’s national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events.

• Alerts & Advisories

NSA National Security Agency Central Security Service

• Provides resources such as Ghidra for reverse compiling, information for cybersecurity professional such as several advisories and technical guidance reports per month. (https://www.nsa.gov/What-We-Do/Cybersecurity/Advisories-Technical-Guidance/)
• Threat intelligence and assessments (https://www.nsa.gov/What-We-Do/Cybersecurity/Threat-Intelligence-Assessments/)
• Information for students and educators about cybersecurity, general information about the NSA and timely reports relevant to a changing IT environment such as a telework (work from home) best practices guide.

Institute of Electrical and Electronics Engineers (IEEE)

• Cipher News Letter – It’s probably best to let the IEEE describe their own Cipher News Letter since it’s pretty general yet brainy and high-quality content aimed released bi-monthly:

The goal of the TCSP is to foster excellence in computer security and privacy research. We provide five of the finest conferences in the field. We are also “information central” for announcements of all research conferences in our field through continuously updated online resources. Our newsletter, published six times a year, contains recent announcements, news from the headlines, and other news about TCSP.

• IEEE also has the IEEE Transactions on Information Forensics and Security Feed which updates the universe on cutting edge hardware and crazy stuff that most of us mortals don’t need to know about.  However, if you are a Software Engineer or Hardware engineer in a security role, you will probably find this level of information useful.
• IEEE Computer Society – The digital library offers a searchable index of articles and whitepapers from IEEE’s  subscription based online resource library.  Lots of high-quality academic papers on every IT threat under the sun.

Security Software Vendors

RSA Security LLC

RSA is the company founded by the crypto Guru trio Ron Rivest, Adi Shamir, and Leonard Adleman. RSA security information should be considered essential for long-term guidance since their products affect security in nearly every corporate IT environment.

Quote:
RSA delivers a unified, business-driven approach to managing digital risk—uniting stakeholders, integrating technologies and transforming risk into reward. Their site offers many industry perspective oriented reports and best-practice guidelines as well as news related to crypto security and advisories on known vulnerabilities in RSA products.

• News –
• Digital Risk in IoT – https://www.rsa.com/en-us/discover/internet-of-things
• Mitigate Cyber Risk –
• Digital Risk Management – Industry perspective reports on risk management in the current evolving landscape of IT security.  These perspectives approach the level where a CISO will communicate and plan with Security Architect.
• Podcast – security and risk related content with overview of IT / cybersecurity risk
• Tools – RSA tools include risk assessment frameworks, risk calculators, and risk advisories

Trend Micro

• Vulnerabilities and exploit
• Security Research

IBM

• X-Force Threat Intelligence Index presents a global view of the threat landscape offered in Annual reports.

RedHat

Kaspersky Labs

Sophos

Norton Antivirus

• Norton AV’s Internet Security Center blog contains articles on the consumer device threat landscape and updates and advisories on common attack vectors such as phishing attacks, dark-web software markets, other online scams and other news.   The site also has some basic level information on fundamental internet security topics that could be useful for educating employees or colleagues.

Akamai

• Akamai Threat Research providing security intelligence, security news, research papers, red-team tools, and security certifications, Akamai threat researchers regularly publish in academic journals and present at conferences and industry association events, sharing mitigation strategies and data focused on the constantly evolving security landscape.   This is more active and producing tons of useful content.

Checkpoint Network Security

Checkpoint offers a wide variety of network security products for cloud, email, threat hunting, next-gen firewall, IoT, hyperscale network security (whatever that means), mobile security, and security appliances, and their information pipeline focuses on their products.

• Newsletter sign-up – Provides real-time updates and configuration information for Check Point IPS to ensure your protection against the latest threats.
• Archive – Weekly and monthly security advisories.

Personal Blogs

There are some industry experts who dominate a specific aspect of IT security. Below are some examples of individuals whose IT news and educational content stand out from the rest (IMO).  However, each sub-category of IT will have its own cast of leading characters who are geared to inform and educate.

Scott Helme

Scott Helme provides a useful tool for web-server header security analysis (https://securityheaders.com). Not only does his Security Headers tool scan your URL and build a comprehensive and informative report about your site’s security headers, his blog has many useful articles to learn the specifics and details on topics such as HPKP, HSTS, Expect CT, and MTA-STS as well as host of other security acronyms you may never have heard of before.

Steve Gibson – Security Now Podcast

Steve is a Silicon Valley guru who has been educating on hardware and software since… well the beginning. For a taste of the Steve Gibson of old, you can checkout this video of him teaching about the optimization hard-drive motors, platters, heads, and sectors and in the 1980’s (https://www.youtube.com/watch?v=01z3nzWFsCA). His company Gibson Research Corp (GRC) produces Spinrite a low-level hard-drive recovery tool, and Steve is the creator of SQRL a new privacy / security enhanced authentication protocol.

He does reviews weekly industry OS, software, and corporate security breach news in podcast format on the TWIT network (https://twit.tv/shows/security-now). Steve offers an educational, informative and often light-hearted comedic view of the IT world and tends to highlight how not following best practices can land you in a ton of hot water. IMO any young IT hopeful or adjunct should listen to his podcast because he steps through the technical details with the patient step-by-step detail of a great teacher.

Bruce Schneier – Schneier on Security

Primarily a cryptographer his site provides lots of educational content on encryption algorythms and topics such as cipher design, protocol design, random number generation, and password security. This makes him a good mentor to follow for a young security minded application developer or software Engineer. Bruce’s site also provides a newsletter that condenses his blog and delivers it straight to your inbox.

Brian Krebs – Krebs on Security

Provides overview of Microsoft Patch Tuesday releases, and focuses on information on  hacker groups and individuals who have been caught in the act of cybercrime.  As well as some insightful content about the world of IT security and internet.

Graham Cluley

Graham Cluley is a British security blogger and the author of grahamcluley.com, a daily blog on the latest computer security news, opinion, and advice.

IT News Outlets

• ZDNet – Posts articles staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
• CNET – Latest news on corporate breaches, government response, and global cybercrime.
• Errata Security – A somewhat obscure group whose site describes themselves as “a team of dedicated security researchers that practice offensive security”, and take a theoretical stance blogging on security best-practices and threat mitigation and the legal / political landscape.  This is definetely an example of gorilla security perspective and may only server to give you a diverse perspective.
• Threatpost.com – News posts on a range of topics covering mainstream IT security news.  Mostly focused on consumer applications and some global political security events.
• WIRED
• Security Bloggers Network
• Info-Security Magazine – Daily news posts covering a large range of topics from application security, cloud security, network security, big data, cybercrime, human-factor, and many more. The site also offers InfoSec Podcast and whitepapers.
• MSSPAlert – Coverage of cybersecurity, malware, ransomware, managed security services providers (MSSPs), managed detection and response (MDR), security operations centers (SOCs), SIEM, SOAR and more
• Bleeping Computer Securiy News –
• Malwarebytes.com –
• Threat it – Cyber Security Articles and Tutorials

Other top X lists

• Top Cyber Security Blogs and Websites
• Top Cybersecurity News Sources
• Top 50 InfoSec Blogs