NCSC Updates Early Warning Threat Intelligence

Written by

A leading UK cybersecurity agency has updated its threat notification service in a bid to improve the quality of alerts.

The National Cyber Security Centre (NCSC)’s Early Warning service is free to all UK organizations. It searches millions of daily threat “events” flowing through the system and surfaces ones relevant to users’ IP addresses and domains.

Going forward, the service will incorporate an edited version of the Admiralty Scale, an industry standard method of evaluating intelligence, according to the NCSC.

“Also called the ‘Nato System,’ it’s used to communicate the reliability of an intelligence source by assigning it a ‘graded’ letter, and communicate its credibility with a number,” it explained in a blog post.

“It does this by assessing the source’s capability or history, and by corroborating it with other sources. MISP users might already be familiar with it.”

The upgrade to Early Warning will help users to assess alerts provided by the service with greater clarity so that they can be more accurately prioritized by security operations teams.

The NCSC said it would also improve the quality of information shared across the threat intelligence community more generally and reduce the volume of inaccurate or irrelevant information sent to partners.

Early Warning provides three main alert types:

  • Incident notifications, which can indicate an active compromise of the user’s system
  • Network abuse events, which can flag when company assets have been linked to malicious activity
  • Vulnerabilities and open ports, which should be addressed to reduce the corporate attack surface

“You might wonder what’s special about Early Warning when there are plenty of other data feeds out there,” the NCSC said. “Well, the service uses information feeds from the NCSC, as well as trusted public, commercial and closed sources, including several privileged feeds not available elsewhere.”

What’s hot on Infosecurity Magazine?