Threat Intelligence Sharing Deals With Cybersecurity

In the ever-shifting landscape of cyber-threats and attacks, having access to timely information and intelligence is vital and can make a big difference in protecting organizations and firms against data breaches and security incidents.

Malicious actors are getting organized, growing smarter and becoming more sophisticated, which effectively makes traditional defense methods and tools significantly less effective in dealing with new threats constantly appearing on the horizon.

One solution to this seemingly unsolvable problem is the sharing of threat intelligence in order to raise awareness and sound the alarm about new attacks and data breaches as they happen. This way we can avoid major security incidents from recurring and prevent emerging threats from claiming more victims.

Threat intelligence sharing has risen in prominence, giving birth to initiatives such as the Cyber Threat Alliance, a conglomeration of security solution vendors and researchers that have joined forces to collectively share information and protect their customers. We’ve also seen government-led efforts, such as the Cybersecurity Information Sharing Act (CISA), which is meant to ease the way for businesses to join the threat information sharing movement.

The evolution of cyber-threat intelligence sharing is culminating in the development of platforms and standards that help organizations gather, organize, share and identify sources of threat intelligence. Cyber-threat intelligence is also shortening the useful lives of attacks and is putting a heavier burden on attackers who want to stay in business.

There’s still a long way to go, but the inroads made are already showing promising signs. 

Dealing with constant changes in the threat landscape

Information gleaned from internal networks and virus definition repositories can serve as sources of threat intelligence, but much more needs to be done to deal with the constant stream of malicious IPs and domains, hacked and hijacked websites, infected files and phishing campaigns that are being spotted on the Internet.

“Today’s cyber threat landscape is polymorphic in nature — constantly changing and making it nearly impossible to detect with traditional security approaches,” says Grayson Milbourne, Security Intelligence Director at cybersecurity firm Webroot. The company’s 2016 Threat Brief has found that 97 percent of 2015’s malware have been seen on a single endpoint, and more than 100,000 new malicious IP addresses are launched every day.

“Given the evolution of malicious code and constantly changing environments, it’s critical that security controls adapt quickly and dependably,” Milbourne says, and he underlines the need to stay ahead of current threats and be able to predict future attacks, which can be achieved through the use of a collective threat intelligence ecosystem.

Many tech firms are now offering security solutions founded on the cyber-threat intelligence sharing concept. Webroot’s own proprietary intelligence sharing platform, BrightCloud, gleans threat intelligence from endpoints and combines it with input from security vendors to provide valuable real-time insights into threats and greater visibility into the behavior of an attack.

Threat intelligence sharing should become an essential aspect of any organisation’s security program.

The threat intelligence sharing trend has led other leaders in the tech industry to adopt similar initiatives. Last year, IBM declared its own threat intelligence sharing initiative, X-Force Exchange, a cloud-based platform that extends the tech giant’s decades-old security efforts and allows the clients to share their own intelligence in order to accelerate the formation of the networks and relationships needed to fight hackers.

“This community-based approach enables security teams to associate and uniquely protect one another from threats in real-time,” Milbourne explains. “As soon as a threat is detected on one endpoint, all other endpoints using the platform are immediately protected through this collective approach to threat intelligence.”

Overcoming the challenges of threat intelligence sharing

Threat intelligence sharing comes with its own caveats and presents a few challenges. “In many cases,” says Jens Monrad, Consulting System Engineer at cybersecurity firm FireEye, “organizations end up with a lot of data, sometimes just raw, unevaluated data, which end up adding an extra burden to their security team, increasing the number of events and alerts rather than decreasing it.”

Collaboration between industry peers can help improve the relevance and quality of the shared intelligence, because threats and attacks are often targeted at specific sectors such as finance, banking or retail. This way, industry leaders can better understand the threat landscape and gain insights into practices deployed by others in the industry to better safeguard their own organizations.

Instances of industry-level threat sharing efforts include the recent launch of a portal for ICS/SCADA threat sharing among nations, which took place in the aftermath of the unprecedented cyber-attack against Ukraine’s power grid.

FireEye has implemented this model with its Advanced Threat Intelligence Plus platform, which enables clients to develop threat sharing communities with trusted partners. The cybersecurity firm recently partnered with Visa to develop a joint threat intelligence initiative for Visa’s customers, which focuses on cyber-threats toward Visa and its customers.

Business, privacy and legal concerns are also proving to be barricades in efforts to share threat information. As Scott Simkin, Senior Threat Intelligence Manager at Palo Alto Networks points out in an op-ed, security vendors have been previously loath to share information to avoid losing the competitive edge, private companies fear inadvertently sharing sensitive customer information and government agencies have strict controls on the information they share.


Some of these issues can be dealt with through the use of standards, such as STIX, TAXII and CyBox, a set of free, available specifications that have standardized threat information and help with the automated exchange of indicators of compromise (IOC) and other relevant data without leaking personally identifiable information (PII).

The CISA legislation has also helped overcome challenges by lifting some of the liabilities firms and organizations would otherwise be exposed to if they shared data about security incidents.

As for the business side of things, the sheer number of new threats that are being identified on a daily basis is slowly convincing vendors that sharing threat intelligence may prove to be the only way they can protect their interests.

Beyond threat intelligence sharing

The evolution of the cyber-threat landscape has reached a point where it is beyond any individual or organization to defend themselves and their interests against the ever-shifting array of threats. “It is only a matter of when they will become victims of cyber-attacks — not if,” says Chris Doggett, SVP of Global Sales at Carbonite.

This issue can only be addressed through a pooling of efforts that expands beyond the disciplines involved in dealing with cyber threats, Doggett suggests, which should include “sharing cyber threat intelligence, collaborating to minimize vulnerabilities, gaining consensus on global standards for acceptable conduct in cyberspace, and international cooperation to enforce local laws and international standards.”

This is an approach that has been recently put to test in fighting the rising threat of ransomware, which has been growing at an explosive rate and is causing millions of dollars in damage to victims. A collective effort is being led between government agencies, cybersecurity firms and law enforcement to provide effective protection from ransomware, offer recovery solutions and disarm and apprehend the criminals behind the attacks.

On the protection level, tech companies are constantly sharing information about ransomware attacks to better understand how to avoid it and improve the efficacy of security and anti-malware tools. In tandem, efforts are being led to improve data protection and recovery solutions, such as cloud backups and data integrity tools, and security firms are working on solutions to crack the encryption algorithms of specific types of ransomware and disarm them for good.

Security researchers are also collaborating with regional and national law enforcement agencies to track and arrest the cybercriminals involved. An example of such efforts is Kaspersky Lab’s cooperation with the Netherlands Tech Crime Unit to apprehend the individuals behind the CoinVault and BitCryptor campaigns.

Carbonite is working to develop its own proprietary tools to help track malware attacks and respond to them faster and more effectively. “Based on the data we have gleaned, research, and the information sharing with others in this space,” says Doggett “we are now in a position to participate actively from a thought leadership perspective and do our part to arm all users and organizations with knowledge and tools which we believe will allow them to avoid becoming victims of ransomware attacks in the future.”

Sharing is caring

Cybercriminals have been sharing knowledge, tools and experience for a long time, which has lent to their success in staging major data breaches over the past months and years. It’s long past time that the tech community follows suit and teams up to improve general security and mitigate threats to individuals and organizations.

Threat intelligence sharing is already helping detect threats in real time and protect users from malicious encounters. It should become an essential aspect of any organization’s security program if we are to deal with the threats of the future.

TechCrunch

« The Nation State Hack-Attack
Ukrainian Hacker Pleads Guilty to US Insider Trading Charges »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab conducts research into predictive security analytics.

Original Software

Original Software

Original Software offers a test automation solution focused completely on the goal of effective software quality management.

Momentum

Momentum

The Cyber Security team at Momentum offers a professional and specialist recruitment service across Cyber & IT Security.

Radar Cyber Security

Radar Cyber Security

Radar Cyber Security is the only European supplier of Managed Detection & Response who provides its services based on inhouse developed technology.

CTM360

CTM360

CTM360 is a unified external security platform offering 24x7x365 Cyber Threat Management for detecting and responding to cyber threats.

IT Career Switch

IT Career Switch

An IT Career Switch Traineeship is the easiest way to start a new career in IT or Cybersecurity with fantastic career prospects.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

AuthX

AuthX

AuthX provides secure and seamless log-in capabilities through strong authentication and integrations.

Prizsm Technologies

Prizsm Technologies

Prizsm is a computational storage capability that provides flexible, easy-to-use, resilient solutions for quantum-resistant, hyper-secure cloud storage and communications.