Main » Blog »

Sharing Threat Intelligence: An Old Idea Gaining New Credibility

Sharing threat intelligence is an old idea that appears to be earning new credibility.

Researchers, security professionals and government entities have long informally shared information about vulnerabilities. And there are several organized threat exchange platforms, notably Microsoft's Interflow exchange, AlienVault's Open Threat Exchange and the Health Information Trust Alliance (HITRUST) Cyber Threat Xchange.

The cyberintelligence sharing concept has picked up steam this year, thanks to a couple of key events.

Obama Cybersecurity Recommendations

cyber security
In February President Obama signed an executive order that contained several recommendations for improving cybersecurity, among them a call for sharing threat information via "hubs" for different industry sectors.

In an interview with eWEEK, J. Michael Daniel, White House cybersecurity coordinator, said: "We're not going to solve all of the really sophisticated actors or defeat all the advanced persistent threats just by increasing information sharing. But we have seen industries that have increased their information sharing such as in the financial services industry and that does make a meaningful difference in being able to cut out a lot of the low-level attacks and intrusions. When you do that, then you can focus your humans on the more sophisticated intruders."

Facebook, Start-ups Share Security Threat Information

Facebook in February launched ThreatExchange, an API-based platform that facilitates sharing security threat information. Based on Facebook's threat analysis framework called ThreatData, it has attracted high-profile participants like Tumblr, Twitter and Yahoo.

Wrote Mark Hammell, manager of Facebook's Threat Infrastructure team: "Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other's discoveries and make their own systems safer. That's the beauty of working together on security. When one company gets stronger, so do the rest of us."

And a growing number of startups, including ThreatStream, BrightPoint Security and TruSTAR Technology, make the sharing of threat intelligence a key part of their solutions.

The Society for Information Management (SIM) is also building a division called the Coalition for Open Security, according to a recent eSecurity Planet story. Though the coalition is just getting started, it already includes executives from companies like Allstate, BP and Pfizer.

Threat Intelligence Requires Infrastructure and Response Plan

Threat exchanges are far from perfect, however. In an April interview with eSecurity Planet, Ken Weston, a senior security analyst with Tripwire, said exchanges are simply not effective without an underlying infrastructure that provides good visibility into network activity and log activity flagged by intrusion detection systems.

It's also important to ensure that your organization is ready to respond to relevant threat intelligence. In a paper on cyberintelligence sharing, Gartner's Anton Chuvakin wrote that it might be necessary for an organization to create a new functional group to coordinate sharing efforts. "... Organizations should expand sharing efforts and relationships to involve supply chain partner organizations, customers and end-users," he advised.

eSecurity Planet
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.

Software Testing Training in Chennai said on October 04, 2015 23:15 PM PDT

Create a stable of reliable sources to research threat intelligence.Take advantage of industry consortia to validate processes and findings and the right online tools to enable those interactions.Pay attention to industry standards such as Structured Threat Information Expression, Trusted Automated Exchange of Indicator Information and Cyber Observable Expression to ensure interoperability between your security products regardless of who your vendor is.

Make a comment

    (Maximum characters: 1200). You have characters left.



    Facts about IT & Coding Boot Camps

    The following coding and IT boot camp facts and statistics provide an introduction to the changing trends in education and training programs. Read More »

    Top Cloud Computing Facts

    The following facts and statistics capture the changing landscape of cloud computing and how service providers and customers are keeping up with... Read More »

    Texting & Chat Abbreviations

    From A3 to ZZZ this guide lists 1,500 text message and online chat abbreviations to help you translate and understand today's texting lingo. Read More »

    Java Basics, Part 1

    Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »

    Java Basics, Part 2

    This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »

    Network Fundamentals Study Guide

    Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »