Analecta Cyber Company Blog: Collaborating with Threat Sharing Groups

2018-05-29

Collaborating with Threat Sharing Groups

Collaborating with Threat Sharing Groups - Analecta-LLC Graphic Ongoing contact with security groups and associations, especially affiliated with your organization’s industry, can be a vital source of threat information. The threat landscape changes so rapidly that one organization in a sea of thousands has no chance of keeping up on their own. However, if industry-specific companies share their learned cyber threat information, they have a chance to shape what that threat landscape looks like.

A community benefit


It is ideal for an organization receive threat intelligence from a variety of sources. Sharing information across an industry is not necessarily a common business practice, but when it comes to security and threat activity analysis, everyone benefits. Cyber intelligence is the information that can help identify current and future security threats and contribute to your company making well-informed decisions.

Threat actors frequently change their methods of bypassing security measures or exploiting vulnerabilities, and will often use attack vectors that are known across the Internet or purchased on the Dark Web. Accurate and relevant threat intelligence can help you keep up-to-date about countless security threats, actors, methods and vulnerabilities. It can shape your approach for being more proactive toward future threats and help communicate to your organization the dangers and possible repercussions of certain security threats.

Think of cyber intelligence as the information that can help identify current and future security threats and contribute to your company making well-informed decisions.

Information sharing and analysis organizations 


In 2015, then President Obama directed the Department of Homeland Security to encourage the development of “information sharing and analysis organizations” (ISAOs) in order to promote private sector cybersecurity information sharing among small and medium-sized businesses (SMBs).

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) recommends that companies share threat information with groups or associations based on common business missions and functions. For most complete threat intelligence coverage, you will want information from different ISAOs to have a slight overlap. Otherwise, you may have intelligence gaps and an incomplete threat picture.

Information sharing and analysis organizations (ISAO) share cyber incident, threat and vulnerability info among its members. These organizations can be industry-based, sector-based, geography-based or any combination thereof. If an established group doesn’t already exist, guidance is available to start an ISAO specific to your company needs.

Finding the right fit


Industry-specific ISAOs can be found through the ISAO Standards Organization website as well as industry conferences and workshops. ISAOs at the state, local, tribal, and territorial (SLTT) government level are an excellent source of information pertaining to SLTT laws and regulations on cybersecurity. If existing ISAOs are inadequate for your organization or industry, the ISAO Standards Organization provides guidelines for how to start one’s own information sharing organization.

Secure first, then share 


Intelligence sharing contributes to making cybersecurity techniques more effective, but sharing should be done after you have made your networks secure. During an active threat, stop the compromise, patch the hole and bring your systems back to a pre-threat state. After remediation is complete and you are reviewing what happened, then share your findings with a list of indicators of compromise (IOCs).

Analecta and threat intelligence partnering 


Finding the right threat sharing group to partner with may seem like a daunting task, but Analecta is here to help. Our experts can work with you to find the right fit for your organization’s needs and specific threat intelligence interests. Email us at info@analecta-llc.com or visit our Cyber Security website.

Further Resources