Improving Threat Intelligence Sharing

Uploaded on 2024-10-02 in TECHNOLOGY--Resilience, FREE TO VIEW

Many factors play a part in creating a robust security strategy; for example, threat intelligence collaboration and information sharing is critical. However, recent research indicates that despite the vast majority of businesses acknowledging the importance of these challenges, most still struggle to share threat intelligence insights across teams and security platforms.

A staggering 91% of respondents stated that collaboration and information sharing are either very important or absolutely crucial to cybersecurity. At the same time, 70% think their company could improve intelligence sharing.

The research takes a deeper dive into the core issues and finds that, when asked to pick out the weakest element in their cybersecurity strategy for information sharing, 51% identify people as the principle barrier to progress, followed by processes (21%) and technologies (11%). That said, 49% of people stated that their organisations find it difficult to share and produce actionable insights across multiple security platforms, such as threat intelligence, SIEM, vulnerability management and asset management.

Managing The Disconnect

What next, then, for the notable majority of companies who must improve their threat collaboration but find it difficult to do so? There are a range of reasons that cause this disconnect, varying from one organisation to the next, however, generally speaking, it is widely understood that silos – whether that be by team, data or technology – restrict effective communication and collaboration. This applies equally to cyber threat intelligence where silos severely impact the ability to identify and respond to imminent attacks.

Examining the data more closely, it reveals that the teams least likely to share threat intelligence with other departments are DevOps (31%), followed by SecOps (17%), Threat Intelligence (16%) and ITOps (15%). A mere 23% of teams share threat intelligence day to day, 21% do so in real-time, 17% weekly and 14% monthly.

When we combine this lack of collaboration with other existing obstacles, whether they be culture or process-driven, the clear lack of awareness is putting many teams at a disadvantage from the off. That means fostering a better understanding of the role of effective intelligence and information sharing is the starting point for creating a more collaborative environment within specific entities and more broadly across the threat intelligence spectrum.

By collecting, analysing and spreading actionable intelligence, along with methods to mitigate threat impacts, organisations can become ‘stronger together’ and improve resilience together. Putting this into practice requires organisations to commit to coordinating their cybersecurity strategies to identify, mitigate and recover from threats and breaches.

This should begin with a process that defines the stakeholders who will participate in the collective defence initiative.

These can include anything from private companies and government agencies to non-profits and Information Sharing and Analysis Centres (ISACs), among others. For example, ISACs look to enhance predictive cyber defence and share mitigation intelligence on sector-specific threats, while securing member infrastructure and assets. The most efficient ISACs bolster overall security collaboration and drive improved outcomes by automating manual processes.

The Advent Of AI & Automation

AI has evolved dramatically in recent years and already plays a significant role in threat intelligence collaboration. Most importantly AI enables the automated identification, processing and dissemination of huge amounts of threat and remediation data.

AI technology is also being incorporated into detection and response solutions, where predictive security tools are providing security professionals with the revolutionary proactive capabilities they require to meet the sheer volume and complexity of cyberthreats, including real-time threat and behavioural analysis. What’s important to remember is that AI acts as both a dynamic catalyst for improving the quality and timeliness of threat intelligence information, and as a tool for turbocharging communication and collaboration. Given only a fifth of organisations presently share threat intelligence in real-time, AI has the potential to speed changes for the majority.

Currently, the disconnect between teams as well as the siloed use of security tools presents a significant risk to the successful delivery of threat intelligence.

Instead, what’s needed is a proactive, unitary approach where historically siloed functions become scalable and integrated, blending high-fidelity threat intelligence with operations for fast reactions. For example, deploying a Virtual Cyber Fusion Centre (vCFC) eliminates security silos by drawing discrete security functions together to proactively protect companies from threats. The vCFC provides integrated intelligence, response, orchestration and situational awareness resources, regardless of where teams are situated. That means they can effortlessly share and collaborate while removing the duplication of tools and data gathering.

Equipped with these resources, security teams can become more proactive in terms of threat identification, response and mitigation, containing incidents more quickly and enabling the collaboration and information sharing they need to thrive in a fast-moving world.

Dan Bridges is Technical Director at Cyware

Image:  Curated Lifestye

You Might Also Read:

Threat Intelligence: Most Prevalent Malware Rankings:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Criminal Communication App Taken Down
Medusa Ransomware Group: Delivering Sophisticated Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

LogonBox Software

LogonBox Software

LogonBox Software specialises in producing a cost-effective range of Network Security and Identity Management software solutions for all sizes of Enterprise.

Onapsis

Onapsis

Onapsis is a pioneer in cybersecurity and compliance solutions for cloud and on-premise ERP and business-critical applications.

Apomatix

Apomatix

Apomatix is a platform that simplifies the complexity of cyber risk audit and management.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

Cyber Intelligence (CI)

Cyber Intelligence (CI)

Cyber Intelligence is an award winning 'MSC status' cyber security education and training company.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

GB Group (GBG)

GB Group (GBG)

GBG is a global technology specialist in fraud, location and identity data intelligence.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

Marlabs

Marlabs

Marlabs is a Digital Technology Solutions company that helps companies adopt digital transformation using a comprehensive framework including Digital Automation, Enterprise Analytics and Security.

Cybeta

Cybeta

Cybeta's actionable cybersecurity intelligence keeps your business safe with strategic and operational security recommendations that prevent breaches.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Analygence

Analygence

ANALYGENCE is your trusted partner for mission support, cyber solutions, and management services.

DerSecur

DerSecur

DerSecur has been engaged in advanced technology activities in the field of Application Security since 2011. We offer R&D technology solutions in the field of SAST, DAST and SCA analysis.

National Cyber Force (NCF)

National Cyber Force (NCF)

The National Cyber Force (NCF) is a partnership between defence and intelligence.

Blackwire Labs

Blackwire Labs

Blackwire.ai is the first multidisciplinary cybersecurity advisor, powered by AI and trained by cybersecurity experts to enhance your team's capabilities and improve resilience.