Cyber Threat Intelligence: Sharing Is Caring

Uploaded on 2016-04-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Shared cyber-threat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.

Recently, the US Department of Homeland Security announced the deployment of the Automated Indicator Sharing (AIS) system, which allows the exchange of cyber-threat intelligence among private and public organizations. Increasing the breadth and speed of information sharing will reduce the number of security compromises, enabling all types of organizations to better defend themselves against emerging threats.

There is almost unanimous agreement among security professionals that cyber-threat information is valuable to their organizations. However, as we dig deeper into the attitudes and implementation barriers to sharing that information, we find myths and significant reticence.

First, let’s define cyber-threat intelligence and dispel a significant myth. Cyber-threat intelligence comprises details and metadata about suspicious and malicious activity, including attack vectors, weaknesses that are being exploited, and mitigation or containment actions. It does not contain any personally identifiable information, even when sharing a file reputation.

Next, let’s look at which threat and reputation data people are willing, and unwilling, to share. Intel Security recently surveyed almost 500 security professionals globally and found that about three-quarters of those involved with and knowledgeable about cyber-threat intelligence sharing are willing to pass on information about the behavior of observed malware. Malware details have been shared for a long time, typically with an incumbent vendor or nonaligned security organization. What is surprising is that this figure is not closer to 100%.

Around half of the security professionals surveyed are also willing to share reputation info on URLs, external IP addresses, and security certificates. This increased reluctance to share is typically attributed to company policy or industry regulations and often comes from concerns about legal repercussions from the entities that are identified as being potentially malicious.

Finally, only about one-third are willing to share file reputations, probably due to concerns about accidentally releasing some sensitive or confidential information in the file. Yet cyber-threat intelligence-sharing systems calculate a unique one-way hash to represent the file that is being convicted -- this is the only data that leaves the corporate system -- and the file cannot be recreated in any way using this value.

Sharing More Valuable Than Secrecy

Increasing support for cyber-threat-intelligence technical standards will help people understand exactly what is and is not included in a threat record and will broaden industry implementations. Although some organizations believe they stand a better chance of identifying and catching bad guys by themselves if they keep the attack details private, more and more realize that the changing nature of attacks makes sharing more valuable than secrecy. Standardization will also make it easier to combine and correlate multiple discrete observations into a larger and more accurate picture of a particular threat.

Catching modern, adaptive attacks is difficult for traditional endpoint and firewall defenses working in isolation because the attacks often mutate every few hours or days, faster than signature updates and scanning tools can keep up. The trend toward targeted attacks is also increasing interest in industry-specific cyber-threat intelligence. Although there are still barriers to overcome before cyber-threat intelligence sharing is widespread, those barriers are falling as successes are publicized and regulations are enacted to provide liability protection. Within a couple of years, shared cyber-threat intelligence will be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.

DarkReading: http://ubm.io/1ZR2gXZ

« The Delayed FinTech Revolution
‘Eye In The Sky’: The Reality Of Drone Warfare Revealed »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cloud53

Cloud53

Clolud53 is a Manchester based Managed Cyber Security & Cloud company providing solutions focused around you.

Green Hills Software

Green Hills Software

Green Hills Software is the largest independent vendor of embedded secure software solutions for applications including the Internet of Things.

ComCode

ComCode

ComCode provides consulting services and solutions in the area of digitization and cyber security for mid-sized and big businesses.

techUK

techUK

techUK represents companies operating in the tech sector in the UK. Focus areas cover all aspects of ICT including cyber security.

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI) is recognized as Thailand’s leader in cyber investigations and digital forensics.

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative is an information security and cyber security company with 40-plus years of experience across industry & government.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

Comparitech

Comparitech

Comparitech strives to promote cyber security and privacy for all. We are committed to providing detailed information to help our readers become more cyber secure and cyber aware.

Perygee

Perygee

Perygee is a fully integrated platform for operational security. Companies depend on Perygee to identify and streamline the most important security practices for their operations.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

RapidSpike

RapidSpike

RapidSpike is the only website monitoring solution that focuses all three key aspects of website health: performance, reliability AND security.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.

Sesame Technologies

Sesame Technologies

Sesame Technologies provides advanced cybersecurity services to protect businesses from digital threats.