Improving Threat Intelligence Sharing

Uploaded on 2024-10-02 in TECHNOLOGY--Resilience, FREE TO VIEW

Many factors play a part in creating a robust security strategy; for example, threat intelligence collaboration and information sharing is critical. However, recent research indicates that despite the vast majority of businesses acknowledging the importance of these challenges, most still struggle to share threat intelligence insights across teams and security platforms.

A staggering 91% of respondents stated that collaboration and information sharing are either very important or absolutely crucial to cybersecurity. At the same time, 70% think their company could improve intelligence sharing.

The research takes a deeper dive into the core issues and finds that, when asked to pick out the weakest element in their cybersecurity strategy for information sharing, 51% identify people as the principle barrier to progress, followed by processes (21%) and technologies (11%). That said, 49% of people stated that their organisations find it difficult to share and produce actionable insights across multiple security platforms, such as threat intelligence, SIEM, vulnerability management and asset management.

Managing The Disconnect

What next, then, for the notable majority of companies who must improve their threat collaboration but find it difficult to do so? There are a range of reasons that cause this disconnect, varying from one organisation to the next, however, generally speaking, it is widely understood that silos – whether that be by team, data or technology – restrict effective communication and collaboration. This applies equally to cyber threat intelligence where silos severely impact the ability to identify and respond to imminent attacks.

Examining the data more closely, it reveals that the teams least likely to share threat intelligence with other departments are DevOps (31%), followed by SecOps (17%), Threat Intelligence (16%) and ITOps (15%). A mere 23% of teams share threat intelligence day to day, 21% do so in real-time, 17% weekly and 14% monthly.

When we combine this lack of collaboration with other existing obstacles, whether they be culture or process-driven, the clear lack of awareness is putting many teams at a disadvantage from the off. That means fostering a better understanding of the role of effective intelligence and information sharing is the starting point for creating a more collaborative environment within specific entities and more broadly across the threat intelligence spectrum.

By collecting, analysing and spreading actionable intelligence, along with methods to mitigate threat impacts, organisations can become ‘stronger together’ and improve resilience together. Putting this into practice requires organisations to commit to coordinating their cybersecurity strategies to identify, mitigate and recover from threats and breaches.

This should begin with a process that defines the stakeholders who will participate in the collective defence initiative.

These can include anything from private companies and government agencies to non-profits and Information Sharing and Analysis Centres (ISACs), among others. For example, ISACs look to enhance predictive cyber defence and share mitigation intelligence on sector-specific threats, while securing member infrastructure and assets. The most efficient ISACs bolster overall security collaboration and drive improved outcomes by automating manual processes.

The Advent Of AI & Automation

AI has evolved dramatically in recent years and already plays a significant role in threat intelligence collaboration. Most importantly AI enables the automated identification, processing and dissemination of huge amounts of threat and remediation data.

AI technology is also being incorporated into detection and response solutions, where predictive security tools are providing security professionals with the revolutionary proactive capabilities they require to meet the sheer volume and complexity of cyberthreats, including real-time threat and behavioural analysis. What’s important to remember is that AI acts as both a dynamic catalyst for improving the quality and timeliness of threat intelligence information, and as a tool for turbocharging communication and collaboration. Given only a fifth of organisations presently share threat intelligence in real-time, AI has the potential to speed changes for the majority.

Currently, the disconnect between teams as well as the siloed use of security tools presents a significant risk to the successful delivery of threat intelligence.

Instead, what’s needed is a proactive, unitary approach where historically siloed functions become scalable and integrated, blending high-fidelity threat intelligence with operations for fast reactions. For example, deploying a Virtual Cyber Fusion Centre (vCFC) eliminates security silos by drawing discrete security functions together to proactively protect companies from threats. The vCFC provides integrated intelligence, response, orchestration and situational awareness resources, regardless of where teams are situated. That means they can effortlessly share and collaborate while removing the duplication of tools and data gathering.

Equipped with these resources, security teams can become more proactive in terms of threat identification, response and mitigation, containing incidents more quickly and enabling the collaboration and information sharing they need to thrive in a fast-moving world.

Dan Bridges is Technical Director at Cyware

Image:  Curated Lifestye

You Might Also Read:

Threat Intelligence: Most Prevalent Malware Rankings:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Criminal Communication App Taken Down
Medusa Ransomware Group: Delivering Sophisticated Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

Holm Security

Holm Security

Holm Security are taking vulnerability assessment into the next generation as a cloud service.

Namogoo

Namogoo

Namogoo’s disruptive technology identifies and blocks unauthorized product ads that are injected into customer web sessions by client-side Digital Malware.

Synack

Synack

Synack provides a hacker-powered intelligence platform that uncovers security vulnerabilities that often remain undetected by traditional pen testers and scanners.

XTN Cognitive Security

XTN Cognitive Security

XTN is focused on the development of security, Fraud and Mobile Threat Prevention advanced behaviour-based solutions.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

Ensurity Technologies

Ensurity Technologies

Ensurity is a deep-tech cybersecurity engineering company; designs and manufactures specialized secure hardware, software, and mobile application solutions.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

Summit 7 (S7)

Summit 7 (S7)

Summit 7 is a national leader in cybersecurity, compliance, and managed services for the Aerospace and Defense industry and corporate enterprises.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).

MIS Solutions

MIS Solutions

MIS Solutions is a managed cloud and IT security partner making technology work for you.

Robust Intelligence

Robust Intelligence

Robust Intelligence enables enterprises to secure their AI transformation with an automated solution to protect against security and safety threats.

UFS Technology

UFS Technology

UFS, the bank technology outfitter for community banks, provides purpose-built, bank-exclusive technology services and solutions including cybersecurity.

Axiler

Axiler

Axiler’s AI-driven self-healing architecture seamlessly detect, patch, and neutralize threats in real-time, ensuring systems remain secure and ever-adaptable.