While busy CISOs develop new threat detection methods and leverage existing products, the simplest method of improving security is information sharing. Vertical threat sharing provides one of the best protections and it costs nothing.
Speeds Threat Identification
Sharing what happens to you allows others to identify problems more quickly and encourages them to share their threat identifications with you. Rather than altruistic this creates a time-saving exchange.
Suspicious Activity Provides Warnings
More than simple breach notifications, this can also lead to identification of building threats early in the security cycle. Noting and sharing suspicious activity helps identify potential players and mounting issues. Suspicious activity also provides early indicators of potential entry points and security holes.
Share Aggregated or Anonymous Data
Sharing your threat data falls within the law as long as you do not include personally identifiable information. If your customers were harmed in the attack or their data leveraged, shared anonymous information of aggregate the date on the attack. Under the Cybersecurity Information Sharing Act of 2015, you can legally share:
- suspicious URLs,
- hash tags,
- IP addresses.
Make It Easy to Use
To make it really easy to help each, create an easy to use system for sharing threats with one another. Ensure your method easily integrates with everyone’s workflow.
Pooling Information Can Uncover Motives
Sharing threat intelligence and suspicious activity helps reveal the why behind the attacks. Comparing data from numerous attacks helps identify whether hackers represent a nation, criminal organization, or hacktivists. Analytics and tradecraft alone cannot uncover such details.
Real-time Sharing Best Benefits All
Real-time sharing of threat data and intel ensures IT teams can efficiently detect and identify impending threats. This speeds response time.
Building a threat sharing program within your organization and identifying sharing partners does not have to be problematic. Since 2014, the independent organization, the Cyber Threat Alliance (CTA), has created a sharing network that includes industry leaders including McAfee, Symantec, Palo Alto Networks, Fortinet, Cisco, Checkpoint, plus small businesses. CTA collects and correlates data provided by its sharing partners.
Join your industry or regional Information Sharing and Analysis Center (ISAC) group. It provides educational opportunities and empowers peer data sharing. ISACs provide their own analysis, providing an independent expert opinion.
The use of threat intelligence tools such as the products of Threat Intelligence Platform can assist you in obtaining, analyzing and sharing data. It offers tools and APIs that draw out information from hosts and their infrastructure. It gathers data from providers and its partner network, contains a database with more than ten years of threat data and provide real-time host configuration analysis. It provides reports that help analyze existing threats by:
- IP resolution data,
- SSL certificate analysis,
- analyze website content, domains and host configurations,
- malware detection,
- WHOIS records,
- DNS MX records and correspondent mail servers,
- name server configuration, output and configuration problems.
Sharing threat information helps everyone online remain safer. It enables you to better conduct business by reducing downtime, eliminating threats and identifying weaknesses in operations or systems. Existing organizations and threat intelligence tools provide important quick start assistance to establishing a threat sharing program in your organization.
Meta Title: Why the Sharing of Threat Intelligence Makes Everyone Safer
Meta Description: Find out what some of the benefits of sharing threat intelligence are, how that makes us safer and what application we can use to help us analyze the data.