
Sharing Threat Intelligence: An Old Idea Gaining New Credibility

Sharing threat intelligence is an old idea that appears to be earning new credibility.

Researchers, security professionals and government entities have long informally shared information about vulnerabilities. And there are several organized threat exchange platforms, notably Microsoft's Interflow exchange, AlienVault's Open Threat Exchange and the Health Information Trust Alliance (HITRUST) Cyber Threat Xchange.

The cyberintelligence sharing concept has picked up steam this year, thanks to a couple of key events.

Obama Cybersecurity Recommendations

In February President Obama signed an executive order that contained several recommendations for improving cybersecurity, among them a call for sharing threat information via "hubs" for different industry sectors.

In an interview with eWEEK, J. Michael Daniel, White House cybersecurity coordinator, said: "We're not going to solve all of the really sophisticated actors or defeat all the advanced persistent threats just by increasing information sharing. But we have seen industries that have increased their information sharing such as in the financial services industry and that does make a meaningful difference in being able to cut out a lot of the low-level attacks and intrusions. When you do that, then you can focus your humans on the more sophisticated intruders."

Facebook, Start-ups Share Security Threat Information

Facebook in February launched ThreatExchange, an API-based platform that facilitates sharing security threat information. Based on Facebook's threat analysis framework called ThreatData, it has attracted high-profile participants like Tumblr, Twitter and Yahoo.

Wrote Mark Hammell, manager of Facebook's Threat Infrastructure team: "Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other's discoveries and make their own systems safer. That's the beauty of working together on security. When one company gets stronger, so do the rest of us."

And a growing number of startups, including ThreatStream, BrightPoint Security and TruSTAR Technology, make the sharing of threat intelligence a key part of their solutions.

The Society for Information Management (SIM) is also building a division called the Coalition for Open Security, according to a recent eSecurity Planet story. Though the coalition is just getting started, it already includes executives from companies like Allstate, BP and Pfizer.

Threat Intelligence Requires Infrastructure and Response Plan

Threat exchanges are far from perfect, however. In an April interview with eSecurity Planet, Ken Weston, a senior security analyst with Tripwire, said exchanges are simply not effective without an underlying infrastructure that provides good visibility into network activity and log activity flagged by intrusion detection systems.

It's also important to ensure that your organization is ready to respond to relevant threat intelligence. In a paper on cyberintelligence sharing, Gartner's Anton Chuvakin wrote that it might be necessary for an organization to create a new functional group to coordinate sharing efforts. "... Organizations should expand sharing efforts and relationships to involve supply chain partner organizations, customers and end-users," he advised.

eSecurity Planet
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.

Software Testing Training in Chennai said on October 04, 2015 23:15 PM PDT

Create a stable of reliable sources to research threat intelligence. Take advantage of industry consortia to validate processes and findings and the right online tools to enable those interactions. Pay attention to industry standards such as Structured Threat Information Expression, Trusted Automated Exchange of Indicator Information and Cyber Observable Expression to ensure interoperability between your security products regardless of who your vendor is.
