Improving Threat Intelligence Sharing

Uploaded on 2024-10-02 in TECHNOLOGY--Resilience, FREE TO VIEW

Many factors play a part in creating a robust security strategy; for example, threat intelligence collaboration and information sharing is critical. However, recent research indicates that despite the vast majority of businesses acknowledging the importance of these challenges, most still struggle to share threat intelligence insights across teams and security platforms.

A staggering 91% of respondents stated that collaboration and information sharing are either very important or absolutely crucial to cybersecurity. At the same time, 70% think their company could improve intelligence sharing.

The research takes a deeper dive into the core issues and finds that, when asked to pick out the weakest element in their cybersecurity strategy for information sharing, 51% identify people as the principle barrier to progress, followed by processes (21%) and technologies (11%). That said, 49% of people stated that their organisations find it difficult to share and produce actionable insights across multiple security platforms, such as threat intelligence, SIEM, vulnerability management and asset management.

Managing The Disconnect

What next, then, for the notable majority of companies who must improve their threat collaboration but find it difficult to do so? There are a range of reasons that cause this disconnect, varying from one organisation to the next, however, generally speaking, it is widely understood that silos – whether that be by team, data or technology – restrict effective communication and collaboration. This applies equally to cyber threat intelligence where silos severely impact the ability to identify and respond to imminent attacks.

Examining the data more closely, it reveals that the teams least likely to share threat intelligence with other departments are DevOps (31%), followed by SecOps (17%), Threat Intelligence (16%) and ITOps (15%). A mere 23% of teams share threat intelligence day to day, 21% do so in real-time, 17% weekly and 14% monthly.

When we combine this lack of collaboration with other existing obstacles, whether they be culture or process-driven, the clear lack of awareness is putting many teams at a disadvantage from the off. That means fostering a better understanding of the role of effective intelligence and information sharing is the starting point for creating a more collaborative environment within specific entities and more broadly across the threat intelligence spectrum.

By collecting, analysing and spreading actionable intelligence, along with methods to mitigate threat impacts, organisations can become ‘stronger together’ and improve resilience together. Putting this into practice requires organisations to commit to coordinating their cybersecurity strategies to identify, mitigate and recover from threats and breaches.

This should begin with a process that defines the stakeholders who will participate in the collective defence initiative.

These can include anything from private companies and government agencies to non-profits and Information Sharing and Analysis Centres (ISACs), among others. For example, ISACs look to enhance predictive cyber defence and share mitigation intelligence on sector-specific threats, while securing member infrastructure and assets. The most efficient ISACs bolster overall security collaboration and drive improved outcomes by automating manual processes.

The Advent Of AI & Automation

AI has evolved dramatically in recent years and already plays a significant role in threat intelligence collaboration. Most importantly AI enables the automated identification, processing and dissemination of huge amounts of threat and remediation data.

AI technology is also being incorporated into detection and response solutions, where predictive security tools are providing security professionals with the revolutionary proactive capabilities they require to meet the sheer volume and complexity of cyberthreats, including real-time threat and behavioural analysis. What’s important to remember is that AI acts as both a dynamic catalyst for improving the quality and timeliness of threat intelligence information, and as a tool for turbocharging communication and collaboration. Given only a fifth of organisations presently share threat intelligence in real-time, AI has the potential to speed changes for the majority.

Currently, the disconnect between teams as well as the siloed use of security tools presents a significant risk to the successful delivery of threat intelligence.

Instead, what’s needed is a proactive, unitary approach where historically siloed functions become scalable and integrated, blending high-fidelity threat intelligence with operations for fast reactions. For example, deploying a Virtual Cyber Fusion Centre (vCFC) eliminates security silos by drawing discrete security functions together to proactively protect companies from threats. The vCFC provides integrated intelligence, response, orchestration and situational awareness resources, regardless of where teams are situated. That means they can effortlessly share and collaborate while removing the duplication of tools and data gathering.

Equipped with these resources, security teams can become more proactive in terms of threat identification, response and mitigation, containing incidents more quickly and enabling the collaboration and information sharing they need to thrive in a fast-moving world.

Dan Bridges is Technical Director at Cyware

Image:  Curated Lifestye

You Might Also Read:

Threat Intelligence: Most Prevalent Malware Rankings:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Criminal Communication App Taken Down
Medusa Ransomware Group: Delivering Sophisticated Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Protective Intelligence

Protective Intelligence

Protective Intelligence brings together a group of information security specialists with a passion for delivering high-quality solutions.

Secure Identity Alliance (SIA)

Secure Identity Alliance (SIA)

The Secure Identity Alliance is dedicated to supporting sustainable worldwide economic growth and prosperity through the development of trusted digital identities and the adoption of secure eServices.

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

International School of IT Security (ISITS)

International School of IT Security (ISITS)

The International School of IT Security (ISITS) is a leading provider of professional training in the field of IT Security.

Roke Manor Research

Roke Manor Research

Roke is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

Wallarm

Wallarm

Wallarm is the only unified, best-in-class API Security and WAAP (Web App and API Protection) platform to protect your entire API and web application portfolio.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

CyberRisk Alliance (CRA)

CyberRisk Alliance (CRA)

CyberRisk Alliance is a business intelligence company created to serve the rapidly evolving cybersecurity and information risk management marketplace.

Digitpol

Digitpol

Digitpol’s Cyber Crime Investigation experts investigate hacking incidents, ransomware, extortion and conduct security audits and IT upgrades.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

ACSG Corp

ACSG Corp

ACSG Corp is a Critical Infrastructure Protection Company with a multi-disciplinary focus on building analytics software for various industry sectors.

Valeo Networks

Valeo Networks

Valeo Networks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

Infosys

Infosys

Infosys is a global leader in consulting, technology and outsourcing solutions.. Services include IT strategy, technical architecture and operations including cybersecurity.

Dynamic Standards International (DSI)

Dynamic Standards International (DSI)

Dynamic Standards International is a global standards development organization which develops certifiable ‘dynamic standards’ that pace with fast-evolving landscapes.