Improving Threat Intelligence Sharing

Many factors play a part in creating a robust security strategy; for example, threat intelligence collaboration and information sharing is critical. However, recent research indicates that despite the vast majority of businesses acknowledging the importance of these challenges, most still struggle to share threat intelligence insights across teams and security platforms.

A staggering 91% of respondents stated that collaboration and information sharing are either very important or absolutely crucial to cybersecurity. At the same time, 70% think their company could improve intelligence sharing.

The research takes a deeper dive into the core issues and finds that, when asked to pick out the weakest element in their cybersecurity strategy for information sharing, 51% identify people as the principle barrier to progress, followed by processes (21%) and technologies (11%). That said, 49% of people stated that their organisations find it difficult to share and produce actionable insights across multiple security platforms, such as threat intelligence, SIEM, vulnerability management and asset management.

Managing The Disconnect

What next, then, for the notable majority of companies who must improve their threat collaboration but find it difficult to do so? There are a range of reasons that cause this disconnect, varying from one organisation to the next, however, generally speaking, it is widely understood that silos – whether that be by team, data or technology – restrict effective communication and collaboration. This applies equally to cyber threat intelligence where silos severely impact the ability to identify and respond to imminent attacks.

Examining the data more closely, it reveals that the teams least likely to share threat intelligence with other departments are DevOps (31%), followed by SecOps (17%), Threat Intelligence (16%) and ITOps (15%). A mere 23% of teams share threat intelligence day to day, 21% do so in real-time, 17% weekly and 14% monthly.

When we combine this lack of collaboration with other existing obstacles, whether they be culture or process-driven, the clear lack of awareness is putting many teams at a disadvantage from the off. That means fostering a better understanding of the role of effective intelligence and information sharing is the starting point for creating a more collaborative environment within specific entities and more broadly across the threat intelligence spectrum.

By collecting, analysing and spreading actionable intelligence, along with methods to mitigate threat impacts, organisations can become ‘stronger together’ and improve resilience together. Putting this into practice requires organisations to commit to coordinating their cybersecurity strategies to identify, mitigate and recover from threats and breaches.

This should begin with a process that defines the stakeholders who will participate in the collective defence initiative.

These can include anything from private companies and government agencies to non-profits and Information Sharing and Analysis Centres (ISACs), among others. For example, ISACs look to enhance predictive cyber defence and share mitigation intelligence on sector-specific threats, while securing member infrastructure and assets. The most efficient ISACs bolster overall security collaboration and drive improved outcomes by automating manual processes.

The Advent Of AI & Automation

AI has evolved dramatically in recent years and already plays a significant role in threat intelligence collaboration. Most importantly AI enables the automated identification, processing and dissemination of huge amounts of threat and remediation data.

AI technology is also being incorporated into detection and response solutions, where predictive security tools are providing security professionals with the revolutionary proactive capabilities they require to meet the sheer volume and complexity of cyberthreats, including real-time threat and behavioural analysis. What’s important to remember is that AI acts as both a dynamic catalyst for improving the quality and timeliness of threat intelligence information, and as a tool for turbocharging communication and collaboration. Given only a fifth of organisations presently share threat intelligence in real-time, AI has the potential to speed changes for the majority.

Currently, the disconnect between teams as well as the siloed use of security tools presents a significant risk to the successful delivery of threat intelligence.

Instead, what’s needed is a proactive, unitary approach where historically siloed functions become scalable and integrated, blending high-fidelity threat intelligence with operations for fast reactions. For example, deploying a Virtual Cyber Fusion Centre (vCFC) eliminates security silos by drawing discrete security functions together to proactively protect companies from threats. The vCFC provides integrated intelligence, response, orchestration and situational awareness resources, regardless of where teams are situated. That means they can effortlessly share and collaborate while removing the duplication of tools and data gathering.

Equipped with these resources, security teams can become more proactive in terms of threat identification, response and mitigation, containing incidents more quickly and enabling the collaboration and information sharing they need to thrive in a fast-moving world.

Dan Bridges is Technical Director at Cyware

Image:  Curated Lifestye

You Might Also Read:

Threat Intelligence: Most Prevalent Malware Rankings:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Criminal Communication App Taken Down
Medusa Ransomware Group: Delivering Sophisticated Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Chatham House

Chatham House

Chatham House is an independent policy institute based in London. Topics cover foreign affairs and defence including cyber security.

Purdicom

Purdicom

Purdicom (formerly known as Selcoms) is an award winning distributor specialising in Wireless, Cloud & Security technologies.

Backup Systems

Backup Systems

Backup Systems is a leading backup and disaster recovery systems provider across the UK.

ThreatHunter.ai

ThreatHunter.ai

ThreatHunter.ai (formerly Milton Security) is a business that tracks down and mitigates attacks in real time using our ARGOS Platform and our Elite Threat Hunters.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

Riddle&Code

Riddle&Code

Riddle&Code is a product-led services company specializing in onboarding industries to Web3. The team's mission is to provide a trusted connection between the digital and physical worlds.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute builds on the strength of its members in the area of network and communication security, artificial intelligence, big data and cyber physical systems.

Antares NetlogiX

Antares NetlogiX

Antares Netlogix are a leading Austrian service provider for IT security, critical infrastructures and managed security services.

PNGCERT

PNGCERT

PNGCERT is the national Computer Emergency Response Team (CERT) for Papua New Guinea.

NI Cyber Security Centre

NI Cyber Security Centre

NI Cyber Security Centre works to make Northern Ireland cyber safe, secure and resilient for its citizens and businesses.

Blacksands

Blacksands

Blacksands is a leader in network architecture, identity & services management, threat analysis, industrial IoT architecture, and invisible dynamic networks.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Extreme Networks

Extreme Networks

Since 1996, Extreme has been pushing the boundaries of networking technology, driven by a vision of making it simpler and faster as well as more agile and secure.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.