The Power of the Crowd: 3 Approaches to Sharing Threat Intel Crowdsourced intelligence can help you build a stronger, more informed cyberdefense. Here's how.
In today’s cyber landscape, threats move and change faster than ever, making a quick and effective response to a potential intrusion critical. But, according to EY’s latest Cyber Threat Intelligence Report, 36 percent of companies surveyed report that it’s unlikely they would be able to detect a sophisticated attack.
To help solve this problem, cybersecurity experts often look outside their own organization for intelligence to help them diminish a cyber attacker’s advantage. The fact is, the only way to really change the game in cybersecurity response, and even threat prevention, is to understand how the adversary works, what their end goal may be, and to predict where they might go next. Unfortunately, this battle is nearly impossible to win alone. It requires intelligence from a variety of sources, with the power of the crowd being an integral piece of the puzzle.
Crowdsourcing intelligence in cybersecurity means connecting a community of similarly trained, like-minded, and trusted individuals and organizations to solve the problem of a specific threat, adversary, or industry target. There are some amazing organizations leading the edge in threat intelligence sharing and collaboration such as The Arizona Threat Response Alliance, Inc. (ACTRA). ACTRA is a hub for collaborative cyber information-sharing between partners, industry, academia, law enforcement, and intelligence. It’s a prime example of how cyber information sharing across industries can help all the organizations involved analyze critical, real-time data in a quick, neutral, and cost-effective manner. In this case, ACTRA’s crowdsourced threat sharing enables more effective responses to cyber threats across Arizona’s critical infrastructure and key resources.
[Check out the two-day Dark Reading Cybersecurity Crash Course at Interop ITX, May 15 & 16, where Dark Reading editors and some of the industry's top cybersecurity experts will share the latest threat intel trends and best practices.]
While threat sharing is occurring to a certain degree today through open source tools and even across a handful of industry groups, there is still much room for improvement to create truly crowdsourced threat intelligence sharing. Threat intelligence sharing as we know it today is hindered by manual tracking and analysis, as well as ineffective sharing models, analytic standards, and reporting vehicles that don’t disseminate accurate and actionable intelligence in a timely manner.
So, how can more organizations overcome the obstacles to sharing – and most especially the constraints on time? Here are three industrywide approaches that can grease the wheels for sharing:
- Learn from others. Make use of existing Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), such as the recently launched Sports ISAO, which shares intelligence to protect athletes, facilities and event sponsors from cyberattacks. Joining an ISAC or an ISAO is a great introduction to internal teams, such as legal, who may be apprehensive about the intel sharing process. The established standards and processes of these groups make it easier to gain executive level buy-in.
- Leverage analytics. Rather than looking at one incident at a time and then drawing conclusions to share, it’s better to use data science and analytics to surface the most relevant threats, especially when all indicators and other threat intelligence is maintained in a single database, Of course, you can do this with your own data, but storing data in a platform where it can be compared against other sources, will greatly increase your chances of surfacing threats.
- Orchestration and automation. In an under-staffed industry like cybersecurity, it is not surprising that many people are looking to orchestration for efficiency with use cases like pushing indicators to the firewall. Now, imagine applying that power to threat intelligence sharing. You could create set rules to push the information out to your partners automatically.
It wasn’t so long ago that you couldn’t go a day without seeing an article on how the secret to getting ahead of cyberthreats was sharing. While in theory that worked, it didn’t go very far. It was all just too hard. But, crowdsourcing threat intelligence - gathering it all in one place, leveraging analytics to process it and using orchestration to share it further - has real potential to make this a reality.
Adam is an information security expert and is currently the CEO and a founder at ThreatConnect, Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a ... View Full Bio