ITS Information Assurance (IA) hosts and facilitates a threat intelligence repository that is shared across the Big Ten Academic Alliance (BTAA). The repository is at the core of a framework for collecting, generating, sharing, and using threat intelligence—Michigan Intelligence for Threat Negation (MITN). MITN helped one BTAA school block 90% of attack traffic during a DDoS attack.
IA knows that attackers frequently go after more than one university with the same approach. They may start with an attack on a small number of targets, fine tune it, and then go after additional targets. By sharing information about threats, universities can help each other react faster—and sometimes even stop attack attempts before they begin.
The MITN repository contains Internet Protocol (IP) addresses, domains, email addresses, and more that are known to be malicious. IA staff gather and compile the information from multiple trusted sources, including REN-ISAC, Spamhaus, and others—as well as threats detected at U-M. Participating universities contribute their own information and then use the shared intelligence to configure firewalls, network intrusion prevention systems (IPSs), malware filters, and other security services.
How MITN Protects U-M
MITN is an integral part of the university's approach to network security threat detection and mitigation. IA and other university IT staff use MITN data to block attempted attacks on U-M email infrastructure, firewalls, and other central and unit-based systems. Multiple open source threat feeds, data shared by peer institutions, and threats identified at U-M contribute to more than 60,000 actionable indicators updated hourly to block millions of threats daily.
U-M units that would like to host MITN sensors and/or make use of the shared MITN data can contact IA through the ITS Service Center.
If you have questions about MITN, you can send them to [email protected].