When we launched GRIT just over a year ago, it came from a desire to take all the great work GuidePoint Security’s Incident Response and Threat Intelligence teams were doing, everything we were proactively researching and working on, and share it with as many people as we could.
When we’re working on an incident or researching a new threat, we generate intelligence from every possible source. What we see firsthand, the various OSINT products we can find, and anything else we come into contact with all inform and advance our research and our work. In the early hours of a post-breach investigation, we analyze everything we can find and sort the high-fidelity from the low-fidelity as we go. Our team knows firsthand the importance of having multiple sources of threat intelligence to rely on, because we wouldn’t be as effective at our jobs otherwise.
Unfortunately for the average Cyber Threat Intelligence (CTI) or security team, there isn’t enough time in the day to sift through every possible indicator of compromise during an incident and determine what’s worthwhile and what isn’t. If you try to do that, at a certain point the alerts become background noise and things slip through the cracks.
At GuidePoint Security, GRIT’s role is to work hand in hand with the DFIR team to make sure they have solid, actionable intelligence about the threats they’re dealing with. One of our first steps in building the GRIT function was to automate that pipeline so our incident responders could receive threat intel we created as quickly as possible. And it just seems logical that the next step from there would be to push that vetted, quality intelligence out to the public. So today, we’re launching the GRIT Threat Feed.
Our focus for this feed is to deliver high-fidelity, actionable threat intelligence. If you were to go out and add all the threat feeds, all the sources that we use, to your own tools, you’d quickly be swamped in repetitive notifications and alerts. Our feed includes both proprietary information from our incident response and threat research teams and data from open-source feeds. We perform deduplication, normalization, and enrichment on all of the data to build a confidence score for each indicator, so that our clients receive only the most relevant and high-quality threat intelligence.
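To make those three steps concrete, here is a small added example of that kind of pipeline in Python. It is not GRIT’s code: the source names, their weights, the scoring rule and the sample records are all constructed for illustration. It refangs and canonicalizes each indicator so that differently written copies of the same IOC collapse into one record, merges the sources that reported it, and derives a confidence score from the weighted number of independent sources; a consumer then takes only indicators above a threshold.

```python
"""Normalise, deduplicate and score threat indicators from several feeds.

Added example for this post; it is not GRIT's pipeline. Source names,
weights and the sample records below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical per-source weights: first-hand incident observations are
# trusted more than a single generic open-source list.
SOURCE_WEIGHT = {"ir_case": 3, "malware_lab": 2, "osint_list_a": 1, "osint_list_b": 1}

# Constructed sample records in the shape a raw collector might emit.
SAMPLE_RECORDS = [
    {"source": "ir_case",      "value": "hxxp://evil-example[.]test/payload"},
    {"source": "osint_list_a", "value": "http://evil-example.test/payload"},
    {"source": "osint_list_a", "value": "Evil-Example[.]TEST"},
    {"source": "osint_list_b", "value": "evil-example.test."},
    {"source": "malware_lab",  "value": "D41D8CD98F00B204E9800998ECF8427E"},
    {"source": "osint_list_b", "value": "192.0.2.10"},
    {"source": "osint_list_b", "value": "not an indicator"},
]

Key = Tuple[str, str]  # (indicator type, canonical value)


@dataclass
class Indicator:
    ioc_type: str
    value: str
    sources: Set[str] = field(default_factory=set)
    confidence: int = 0


def refang(value: str) -> str:
    """Undo common defanging so the same IOC written two ways compares equal."""
    v = value.strip()
    v = re.sub(r"(?i)hxxp", "http", v)
    return v.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def normalise(raw: dict) -> Optional[Key]:
    """Map a raw record to a canonical key, or None if it is not a usable IOC."""
    v = refang(raw["value"])
    try:
        ip = ipaddress.ip_address(v)
        return ("ipv4" if ip.version == 4 else "ipv6", str(ip))
    except ValueError:
        pass
    if re.fullmatch(r"(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})", v):
        return ("hash", v.lower())
    if v.lower().startswith(("http://", "https://")):
        return ("url", v)
    host = v.lower().rstrip(".")
    if re.fullmatch(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", host):
        return ("domain", host)
    return None  # unknown shape: drop it rather than alert on noise


def build_feed(records: List[dict]) -> Dict[Key, Indicator]:
    """Deduplicate on the canonical key and score by weighted source count."""
    feed: Dict[Key, Indicator] = {}
    for raw in records:
        key = normalise(raw)
        if key is None:
            continue
        ind = feed.setdefault(key, Indicator(*key))
        ind.sources.add(raw["source"])  # repeat sightings merge, not duplicate
    for ind in feed.values():
        weight = sum(SOURCE_WEIGHT.get(s, 1) for s in ind.sources)
        ind.confidence = min(100, 25 * weight)  # hypothetical scoring rule
    return feed


def actionable(feed: Dict[Key, Indicator], min_confidence: int = 50) -> List[str]:
    """Values a consumer should act on; single low-weight sightings are held back."""
    return sorted(i.value for i in feed.values() if i.confidence >= min_confidence)


if __name__ == "__main__":
    feed = build_feed(SAMPLE_RECORDS)
    for ind in sorted(feed.values(), key=lambda i: -i.confidence):
        print(f"{ind.confidence:3d}  {ind.ioc_type:6s} {ind.value}  <- {sorted(ind.sources)}")
```

Running it collapses the seven raw records into four indicators: the defanged and plain copies of the URL merge and, being reported by both an incident case and an OSINT list, score highest; the two spellings of the domain merge into one record; the lone IP sighting from a single low-weight list stays below the default threshold and is not emitted by `actionable()`, which is the filtering the paragraph describes.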
From the beginning, we set out to produce threat intelligence that could be shared at scale to have an impact on threat actors and make it harder for them to be successful. The GRIT threat feed is the next evolution toward that goal.
Drew Schmitt
Practice Lead, GRIT,
GuidePoint Security
Drew Schmitt is the Practice Lead for the GuidePoint Research and Intelligence Team (GRIT), where he engages in malware reverse engineering, threat intelligence development, and incident response investigations on behalf of the firm’s clients. His career background includes cybersecurity operations for several clients over various verticals.
Drew joined the GuidePoint team from Palo Alto Networks/The Crypsis Group where he was a Senior DFIR Consultant and a member of the Threat Intelligence team and specialized in malware analysis, threat hunting, and DFIR investigations. Prior to that, Drew spent time working as an incident responder, SOC analyst, and IT administrator across several industries including healthcare and manufacturing.
In addition to various roles in the security community, Drew has served as an adjunct professor teaching cybersecurity courses at Metropolitan State University in St. Paul, MN, mentored the Metro State CCDC team, and created a PowerShell-based open-source incident response framework called Power-Response.
Drew holds a Master of Science degree in Security Technologies from the University of Minnesota, a Graduate Certificate in Incident Response from the SANS Technology Institute, and several GIAC certifications.