Chapter 5. DDoS Focused Threat Intelligence

Threat intelligence has received a lot of attention lately. In today’s world, almost all companies rely on digitized information. Show us a company that does not have valuable assets in digital form and we will show you a company that is not competitive in its own market. Digital assets are easy to move around and store, but also easy to be stolen and compromised. Security threat intelligence is a term that describes the collection of data that might be a threat to your valuable digital assets.

According to Gartner, the definition of threat intelligence is as follows:

Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

If applied to the context of DDoS threat intelligence, we can conclude that the results should be data-driven, evidence-based, and include analysis of data about existing or emerging DDoS threats and actionable responses.

In this chapter, we will discuss the collection of data that will reveal potential DDoS security threats and show you ways to store and analyze the data. From there, we can derive response that can help you prevent and defend against future DDoS attacks.