close
Gartner Report:
Innovation Insight for
Security Orchestration,
Automation and Response DOWNLOAD NOW

Threat Intelligence Sharing is Real

As humans, our nature is to collaborate. We are social beings; we work together, learn from each other, help one another, and entertain. This is why threat intelligence sharing has become such a hot topic for IT professionals. But, there are better ways to share than what we have seen in the wild. Exchanging information bits from machine-to-machine can be effective as an alerting mechanism, but it simply can’t produce the context rich threat intelligence that results from cyber defenders banded together against common threats.  We were encouraged to see the Executive Order come out in February to promote private sector threat information sharing. Threat Intelligence sharing between is something we are so passionate about that we held the initial launch of ThreatConnect in 2013 until our Community feature was ready to launch!

Fast forward 20 months since our public launch. We now host thousands of ThreatConnect users across a variety of private and public communities.

ThreatConnect-Community-Marketplace

Now, the arrival of our new Community Marketplace provides ThreatConnect users the ability to match their personal and organizational  interests to Communities of interest – by industry, threat, short term events (like the World Cup or Olympics), geography, and more. In fact, our Community Marketplace aligns very nicely with the ISAO (Information Sharing and Analysis Organization) concept that was mentioned in the Executive Order, because it aims to facilitate the creation of private sector communities to collaborate around threat intelligence themes. If you belong to an existing ISAC (Information Sharing and Analysis Center), know that we are currently on-boarding ISACs into our Marketplace, so stay tuned!  Analysts want relevant intelligence to make smarter data-driven decisions, and ThreatConnect’s Marketplace offers a la carte intelligence sources, collaborative communities and defense integrations.

ThreatConnect-Community-Marketplace-List

We realize that the sharing of threat intelligence can be complicated business. So, ThreatConnect Communities are provisioned to support member attribution or anonymity, while fine grained access controls enable role specialization for each Community user.  Also, with ThreatConnect you can create custom security labels and attributes, and allow automated redaction (stripping) when sharing data into a Community. Each Community member has the ability to receive automatic notifications when something of interest changes within the Community, while activity logs capture historical information and threaded comments with hyperlinked context. This makes navigation through complex threat data easy.

Since the threat doesn’t discriminate, ThreatConnect Communities bring together the very largest and smallest of organizations to collaborate around common threats that they are facing. There is no cost to participate in any of the public ThreatConnect Communities listed in our Marketplace.  We do not believe that cost should pose a barrier to collaborative working. (Note: Each ThreatConnect Community comes with its unique set of participation criteria, so log into ThreatConnect and see the Community Marketplace for details.)

Some benefits from community participation, like faster threat awareness, are obvious.  An important, but not so obvious benefit, is analyst learning. Often times, community members will share techniques on how to conduct analysis and find adversaries operating in their networks. Less skilled analysts can develop new skills through community participation and collaboration.

Think of ThreatConnect Communities as the analyst early warning system.  The ability to track infrastructure movements via community collaboration can create defensive actions that are dynamic, and in many cases, predictive. Sharing with the community effectively increases the number of analysts who are looking at the problem - potentially growing the dataset.

Working together is the best chance against a common enemy.  ThreatConnect Communities make human collaboration a threat intelligence reality. If you’re looking for a community flavor that isn’t in our Marketplace, let us know.  We’re open to ideas.

ABOUT THE AUTHOR

With ThreatConnect, security analysts can simultaneously coordinate with incident response, security operations and risk management teams while aggregating data from trusted communities. Your team will be better equipped to protect the organization from modern cyber threats, mitigate risk and address strategic business needs all thorough a single, robust platform.