Fletch's Trending Threats app is helping organizations around the world stay ahead of security threats as they develop. If you're already using this free tool, you're getting the top 5 trending threats, culled daily from tens of thousands of OSINT articles, delivered to your inbox daily.
But how does Fletch arrive at that "Top 5" out of all that data? Let's take a look!
What Makes Fletch's Threat Selection Criteria Different?
The Threat Selection Criteria is a process and a framework built on top of Natural Language Processing (NLP), not just an algorithm. It should not be confused with other threat intelligence evaluation frameworks (like CVSS or STIX), which are more like checklists than processes or frameworks. What follows are some of the key differences that we feel make Fletch’s Threat Selection Criteria unique relative to other systems:
Fletch is Different than Threat Intelligence Feeds
One of the core differences between Fletch’s Threat Selection Criteria and other systems is that it doesn’t require the use of any specific threat intelligence repository, like a STIX/TAXII server, a specific commercial threat feed, or a specific threat intelligence data standard. Instead, it uses NLP to scan 30,000 to 50,000 OSINT feeds for actionable indicators -- either indicators of compromise, or indicators of vulnerability.
Indicators today consist of elements like CVEs and malware hashes. In addition, the NLP process also looks to filter out an unrelated, tangental information in the article, to reduce the extracted information down to just the salient data. Think of it as NLP noise reduction. Fletch is geared towards identifying concrete threats in real world contexts.
How We Rank Threats
With the indicators harvested, Fletch then works to deliver which 5 threats were most significant for the day. Using inference analysis, takes a look at multiple elements to create a cumulative score for each threat. Those elements include the following categories.
Fletch Can Help
In sum, Fletch is a unique threat intelligence selection and evaluation system that is different from STIX or other threat intelligence feed systems. It uses NLP to scan OSINT feeds for actionable indicators, harvests them, analyzes them, clusters them, and measures the threats that they represent. The output is those Top Five events that, through that day's analysis, have risen to the top of the list, in the ever changing and evolving Lava LampTM of the threat landscape. Trending Threats is a free app designed to help any organization extract relevant data out of the thousands of OSINT feeds available every day. Sign up here for your own daily threat feed.
