Improving Threat Intelligence Sharing

Uploaded on 2024-10-02 in TECHNOLOGY--Resilience, FREE TO VIEW

Many factors play a part in creating a robust security strategy; for example, threat intelligence collaboration and information sharing is critical. However, recent research indicates that despite the vast majority of businesses acknowledging the importance of these challenges, most still struggle to share threat intelligence insights across teams and security platforms.

A staggering 91% of respondents stated that collaboration and information sharing are either very important or absolutely crucial to cybersecurity. At the same time, 70% think their company could improve intelligence sharing.

The research takes a deeper dive into the core issues and finds that, when asked to pick out the weakest element in their cybersecurity strategy for information sharing, 51% identify people as the principle barrier to progress, followed by processes (21%) and technologies (11%). That said, 49% of people stated that their organisations find it difficult to share and produce actionable insights across multiple security platforms, such as threat intelligence, SIEM, vulnerability management and asset management.

Managing The Disconnect

What next, then, for the notable majority of companies who must improve their threat collaboration but find it difficult to do so? There are a range of reasons that cause this disconnect, varying from one organisation to the next, however, generally speaking, it is widely understood that silos – whether that be by team, data or technology – restrict effective communication and collaboration. This applies equally to cyber threat intelligence where silos severely impact the ability to identify and respond to imminent attacks.

Examining the data more closely, it reveals that the teams least likely to share threat intelligence with other departments are DevOps (31%), followed by SecOps (17%), Threat Intelligence (16%) and ITOps (15%). A mere 23% of teams share threat intelligence day to day, 21% do so in real-time, 17% weekly and 14% monthly.

When we combine this lack of collaboration with other existing obstacles, whether they be culture or process-driven, the clear lack of awareness is putting many teams at a disadvantage from the off. That means fostering a better understanding of the role of effective intelligence and information sharing is the starting point for creating a more collaborative environment within specific entities and more broadly across the threat intelligence spectrum.

By collecting, analysing and spreading actionable intelligence, along with methods to mitigate threat impacts, organisations can become ‘stronger together’ and improve resilience together. Putting this into practice requires organisations to commit to coordinating their cybersecurity strategies to identify, mitigate and recover from threats and breaches.

This should begin with a process that defines the stakeholders who will participate in the collective defence initiative.

These can include anything from private companies and government agencies to non-profits and Information Sharing and Analysis Centres (ISACs), among others. For example, ISACs look to enhance predictive cyber defence and share mitigation intelligence on sector-specific threats, while securing member infrastructure and assets. The most efficient ISACs bolster overall security collaboration and drive improved outcomes by automating manual processes.

The Advent Of AI & Automation

AI has evolved dramatically in recent years and already plays a significant role in threat intelligence collaboration. Most importantly AI enables the automated identification, processing and dissemination of huge amounts of threat and remediation data.

AI technology is also being incorporated into detection and response solutions, where predictive security tools are providing security professionals with the revolutionary proactive capabilities they require to meet the sheer volume and complexity of cyberthreats, including real-time threat and behavioural analysis. What’s important to remember is that AI acts as both a dynamic catalyst for improving the quality and timeliness of threat intelligence information, and as a tool for turbocharging communication and collaboration. Given only a fifth of organisations presently share threat intelligence in real-time, AI has the potential to speed changes for the majority.

Currently, the disconnect between teams as well as the siloed use of security tools presents a significant risk to the successful delivery of threat intelligence.

Instead, what’s needed is a proactive, unitary approach where historically siloed functions become scalable and integrated, blending high-fidelity threat intelligence with operations for fast reactions. For example, deploying a Virtual Cyber Fusion Centre (vCFC) eliminates security silos by drawing discrete security functions together to proactively protect companies from threats. The vCFC provides integrated intelligence, response, orchestration and situational awareness resources, regardless of where teams are situated. That means they can effortlessly share and collaborate while removing the duplication of tools and data gathering.

Equipped with these resources, security teams can become more proactive in terms of threat identification, response and mitigation, containing incidents more quickly and enabling the collaboration and information sharing they need to thrive in a fast-moving world.

Dan Bridges is Technical Director at Cyware

Image:  Curated Lifestye

You Might Also Read:

Threat Intelligence: Most Prevalent Malware Rankings:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Criminal Communication App Taken Down
Medusa Ransomware Group: Delivering Sophisticated Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Nethemba

Nethemba

Nethemba provide pentesting and security audits for networks and web applications. Other services include digital forensics, training and consultancy.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

ioXt Alliance

ioXt Alliance

The ioXt Alliance is a group of manufacturers, industry alliances and government organizations dedicated to harmonizing best security practices in a highly connected world.

Active Navigation

Active Navigation

Active Navigation is a data privacy and governance software company.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

Certo Software

Certo Software

Certo are trusted experts in mobile security. At Certo, mobile security is not an afterthought, it’s what we do.

Tenet3

Tenet3

Tenet3's vision is to make optimal cyber strategy development tractable, data driven, with concrete success metrics. The result is cost effective cyber resilience for our customers.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.

Oxygen Technologies

Oxygen Technologies

Oxygen Technologies is a business systems strategy and integration company offering a variety of solutions to give our clients ways to work smarter not harder.

Tech Data

Tech Data

Tech Data, a TD Synnex company, is a leading global distributor and solutions aggregator for the IT ecosystem.