Sharing threat intelligence is an old idea that appears to be earning new credibility.
Researchers, security professionals and government entities have long informally shared information about vulnerabilities. And there are several organized threat exchange platforms, notably Microsoft’s Interflow exchange, AlienVault’s Open Threat Exchange and the Health Information Trust Alliance (HITRUST) Cyber Threat Xchange.
The cyberintelligence sharing concept has picked up steam this year, thanks to a couple of key events.
Obama Cybersecurity Recommendations
In February President Obama signed an executive order that contained several recommendations for improving cybersecurity, among them a call for sharing threat information via “hubs” for different industry sectors.
In an interview with eWEEK, J. Michael Daniel, White House cybersecurity coordinator, said: “We’re not going to solve all of the really sophisticated actors or defeat all the advanced persistent threats just by increasing information sharing. But we have seen industries that have increased their information sharing —such as in the financial services industry — and that does make a meaningful difference in being able to cut out a lot of the low-level attacks and intrusions. When you do that, then you can focus your humans on the more sophisticated intruders.”
Facebook, Start-ups Share Security Threat Information
Facebook in February launched ThreatExchange, an API-based platform that facilitates sharing security threat information. Based on Facebook’s threat analysis framework called ThreatData, it has attracted high-profile participants like Tumblr, Twitter and Yahoo.
Wrote Mark Hammell, manager of Facebook’s Threat Infrastructure team: “Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries and make their own systems safer. That’s the beauty of working together on security. When one company gets stronger, so do the rest of us.”
And a growing number of startups, including ThreatStream, BrightPoint Security and TruSTAR Technology, make the sharing of threat intelligence a key part of their solutions.
The Society for Information Management (SIM) is also building a division called the Coalition for Open Security, according to a recent eSecurity Planet story. Though the coalition is just getting started, it already includes executives from companies like Allstate, BP and Pfizer.
Threat Intelligence Requires Infrastructure and Response Plan
Threat exchanges are far from perfect, however. In an April interview with eSecurity Planet, Ken Weston, a senior security analyst with Tripwire, said exchanges are simply not effective without an underlying infrastructure that provides good visibility into network activity and log activity flagged by intrusion detection systems.
It’s also important to ensure that your organization is ready to respond to relevant threat intelligence. In a paper on cyberintelligence sharing, Gartner’s Anton Chuvakin wrote that it might be necessary for an organization to create a new functional group to coordinate sharing efforts. “… Organizations should expand sharing efforts and relationships to involve supply chain partner organizations, customers and end-users,” he advised.
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.
This article was originally published on September 02, 2015