We saw recently that GCHQ is poised to create a threat intelligence sharing community between public and private organizations in the UK. We applaud this effort and hope that more organizations follow suit. In May, we launched a European Community of Interest to achieve a similar goal of bringing together public and private organizations.
A challenge that many organizations face is how to establish a sharing community to collaborate within their own organization or with other groups. With ThreatConnect, it’s easy to create a collaborative community. We allow any Team or Enterprise Subscribers, as well as Partners, to create a public or private community, a process that usually takes 30 minutes or less. For those who want a private platform to discreetly build their own communities, we offer private cloud and on-premises deployment options as well. Here are a few steps that we followed to create our public and private communities.
Characterize the need:
- Before standing up a ThreatConnect community, you need to understand the problem you are trying to address. Determine whether the community will address a general set of threats or focus on threats to a specific topic, event or geography.
Determine Community Privacy Policy:
- A community privacy policy allows the owner to choose whether they will require publicly attributable user profiles or anonymous pseudonyms. Many of our more mature ThreatConnect Communities use publicly attributable profiles because the users have pre-established working relationships and want to know who they are collaborating with.
Customize Your Community:
- With our latest release, we allow any organization or community to customize their user experience to their existing processes and procedures. With the Attributes 2.0 feature, users can create and order their own attributes for indicator groupings in addition to individualized indicators. Additionally, with “Security Labels” users can customize labels for their organization and any of their communities. Security Labels can then be applied to indicator groupings, individual indicators and attributes in accordance with organizational and community requirements. These labels can be used to classify information within ThreatConnect and either allow or restrict what content and context is shared when it is time to publish information externally.
Establish Community Rules & Policies:
- ThreatConnect allows users to customize rules and policies to suit them; they can be as simple as the rules of “Fight Club” or more complex if needed. These policies establish the guidelines for how the community will interact with and protect one another, as well as the way information is shared.
Invite Your Community Members:
- Building your ThreatConnect community is as easy as sending an invitation, not unlike many other social media platforms. Once your community is operational, you may choose to delegate control to others using granular permissions to establish a variety of roles for your ThreatConnect community members.
Start Sharing:
- ThreatConnect started with a vision of developing a platform for anyone to aggregate their threat intelligence data, analyze it quickly, and act against threats. More than just a sharing platform or threat intelligence feed, we allow our users to create and analyze threat intelligence, distilling the most relevant information from the complex security challenges that are facing organizations today. We are thrilled to see more public and private sector organizations draw closer within communities and share their threat intelligence and are hopeful that ThreatConnect will be recognized as the threat intelligence platform of choice as those communities mature.