The Power of the Crowd: 3 Approaches to Sharing Threat Intel

Crowdsourced intelligence can help you build a stronger, more informed cyberdefense. Here’s how.

Adam Vincent, Chief Executive Officer & Founder, ThreatConnect

April 4, 2017

4 Min Read
Dark Reading logo in a gray background | Dark Reading

In today’s cyber landscape, threats move and change faster than ever, making a quick and effective response to a potential intrusion critical. But, according to EY’s latest Cyber Threat Intelligence Report, 36 percent of companies surveyed report that it’s unlikely they would be able to detect a sophisticated attack.

To help solve this problem, cybersecurity experts often look outside their own organization for intelligence to help them diminish a cyber attacker’s advantage. The fact is, the only way to really change the game in cybersecurity response, and even threat prevention, is to understand how the adversary works, what their end goal may be, and to predict where they might go next. Unfortunately, this battle is nearly impossible to win alone. It requires intelligence from a variety of sources, with the power of the crowd being an integral piece of the puzzle.

Connected Communities
Crowdsourcing intelligence in cybersecurity means connecting a community of similarly trained, like-minded, and trusted individuals and organizations to solve the problem of a specific threat, adversary, or industry target. There are some amazing organizations leading the edge in threat intelligence sharing and collaboration such as The Arizona Threat Response Alliance, Inc. (ACTRA). ACTRA is a hub for collaborative cyber information-sharing between partners, industry, academia, law enforcement, and intelligence. It’s a prime example of how cyber information sharing across industries can help all the organizations involved analyze critical, real-time data in a quick, neutral, and cost-effective manner. In this case, ACTRA’s crowdsourced threat sharing enables more effective responses to cyber threats across Arizona’s critical infrastructure and key resources.

[Check out the two-day Dark Reading Cybersecurity Crash Course at Interop ITX, May 15 & 16, where Dark Reading editors and some of the industry's top cybersecurity experts will share the latest threat intel trends and best practices.]

While threat sharing is occurring to a certain degree today through open source tools and even across a handful of industry groups, there is still much room for improvement to create truly crowdsourced threat intelligence sharing. Threat intelligence sharing as we know it today is hindered by manual tracking and analysis, as well as ineffective sharing models, analytic standards, and reporting vehicles that don’t disseminate accurate and actionable intelligence in a timely manner.

So, how can more organizations overcome the obstacles to sharing – and most especially the constraints on time? Here are three industrywide approaches that can grease the wheels for sharing:

  1. Learn from others. Make use of existing Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), such as the recently launched Sports ISAO, which shares intelligence to protect athletes, facilities and event sponsors from cyberattacks. Joining an ISAC or an ISAO is a great introduction to internal teams, such as legal, who may be apprehensive about the intel sharing process. The established standards and processes of these groups make it easier to gain executive level buy-in.

  2. Leverage analytics. Rather than looking at one incident at a time and then drawing conclusions to share, it’s better to use data science and analytics to surface the most relevant threats, especially when all indicators and other threat intelligence is maintained in a single database, Of course, you can do this with your own data, but storing data in a platform where it can be compared against other sources, will greatly increase your chances of surfacing threats.

  3. Orchestration and automation. In an under-staffed industry like cybersecurity, it is not surprising that many people are looking to orchestration for efficiency with use cases like pushing indicators to the firewall. Now, imagine applying that power to threat intelligence sharing. You could create set rules to push the information out to your partners automatically.

It wasn’t so long ago that you couldn’t go a day without seeing an article on how the secret to getting ahead of cyberthreats was sharing. While in theory that worked, it didn’t go very far. It was all just too hard. But, crowdsourcing threat intelligence - gathering it all in one place, leveraging analytics to process it and using orchestration to share it further - has real potential to make this a reality.

Related Content:

 

About the Author

Adam Vincent

Chief Executive Officer & Founder, ThreatConnect

Adam is an information security expert and is currently the CEO and a founder at ThreatConnect, Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company's creation of ThreatConnect, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations, and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, three children, and dog.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights