Cyber Threat Intelligence: Sharing Is Caring

Shared cyber-threat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.

Recently, the US Department of Homeland Security announced the deployment of the Automated Indicator Sharing (AIS) system, which allows the exchange of cyber-threat intelligence among private and public organizations. Increasing the breadth and speed of information sharing will reduce the number of security compromises, enabling all types of organizations to better defend themselves against emerging threats.

There is almost unanimous agreement among security professionals that cyber-threat information is valuable to their organizations. However, as we dig deeper into the attitudes and implementation barriers to sharing that information, we find myths and significant reticence.

First, let’s define cyber-threat intelligence and dispel a significant myth. Cyber-threat intelligence comprises details and metadata about suspicious and malicious activity, including attack vectors, weaknesses that are being exploited, and mitigation or containment actions. It does not contain any personally identifiable information, even when sharing a file reputation.

Next, let’s look at which threat and reputation data people are willing, and unwilling, to share. Intel Security recently surveyed almost 500 security professionals globally and found that about three-quarters of those involved with and knowledgeable about cyber-threat intelligence sharing are willing to pass on information about the behavior of observed malware. Malware details have been shared for a long time, typically with an incumbent vendor or nonaligned security organization. What is surprising is that this figure is not closer to 100%.

Around half of the security professionals surveyed are also willing to share reputation information on URLs, external IP addresses, and security certificates. The greater reluctance here is typically attributed to company policy or industry regulations, and it often stems from concerns about legal repercussions from the entities identified as potentially malicious.

Finally, only about one-third are willing to share file reputations, probably due to concerns about accidentally releasing some sensitive or confidential information in the file. Yet cyber-threat intelligence-sharing systems calculate a unique one-way hash to represent the file being convicted; that hash is the only data that leaves the corporate system, and the file cannot be recreated in any way from this value.
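To make concrete what does and does not leave the organization when a file reputation is shared, here is an added example (not code from the article or from the AIS system): it turns a constructed internal incident record into a shareable record that carries only the file's SHA-256 digest plus the attack vector, weakness and mitigation, and then checks the outbound record for internal identifiers. Field names, the sample observation and the documentation address 203.0.113.7 are all assumptions.

```python
"""Build a shareable threat record from an internal incident observation.
Added example, not the article's or the AIS system's code; field names and
the sample observation are constructed assumptions."""
import hashlib
import json
import re

# Constructed internal incident record. "user", "host" and "file_name"
# are internal details that must not leave the organization; the file
# body is represented outside only by its one-way hash.
INTERNAL_OBSERVATION = {
    "file_name": "invoice.pdf.exe",
    "file_bytes": b"MZ\x90\x00 constructed sample payload, not real malware",
    "user": "alice@example.com",
    "host": "WS-0042.corp.example.com",
    "attack_vector": "phishing email with executable attachment",
    "weakness": "user runs untrusted attachment",
    "contacted_url": "http://203.0.113.7/update",
    "mitigation": "block URL at proxy; quarantine by file hash",
}

INTERNAL_ONLY_FIELDS = ("user", "host", "file_name")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def build_shareable_record(observation: dict) -> dict:
    """Return the record that may leave the corporate system: the file is
    represented by its SHA-256 only and internal identifiers are dropped."""
    digest = hashlib.sha256(observation["file_bytes"]).hexdigest()
    return {
        "file_sha256": digest,
        "attack_vector": observation["attack_vector"],
        "weakness": observation["weakness"],
        "contacted_url": observation["contacted_url"],
        "mitigation": observation["mitigation"],
    }


def leaks_internal_data(record: dict, observation: dict) -> bool:
    """Outbound check: True if the record still carries internal data."""
    serialized = json.dumps(record)
    if EMAIL_RE.search(serialized):
        return True
    if any(observation[f] in serialized for f in INTERNAL_ONLY_FIELDS):
        return True
    # No fragment of the file body may survive in the record, only its digest.
    body = observation["file_bytes"].decode("latin-1")
    return any(body[i:i + 16] in serialized for i in range(len(body) - 15))
```

The outbound check is the kind of gate a sharing connector would run before a record is published, so that a policy decision ("we share hashes, not files") is enforced rather than assumed.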

Sharing More Valuable Than Secrecy

Increasing support for cyber-threat-intelligence technical standards will help people understand exactly what is and is not included in a threat record and will broaden industry implementations. Although some organizations believe they stand a better chance of identifying and catching bad guys by themselves if they keep the attack details private, more and more realize that the changing nature of attacks makes sharing more valuable than secrecy. Standardization will also make it easier to combine and correlate multiple discrete observations into a larger and more accurate picture of a particular threat.

Catching modern, adaptive attacks is difficult for traditional endpoint and firewall defenses working in isolation, because the attacks often mutate every few hours or days, faster than signature updates and scanning tools can follow. The trend toward targeted attacks is also increasing interest in industry-specific cyber-threat intelligence. Although there are still barriers to overcome before cyber-threat intelligence sharing is widespread, those barriers are falling as successes are publicized and regulations are enacted to provide liability protection. Within a couple of years, shared cyber-threat intelligence will be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.

DarkReading: http://ubm.io/1ZR2gXZ
