Addressing Critical Gaps in Threat Intelligence Sharing

By Dan Bridges, Technical Director at Cyware [ Join Cybersecurity Insiders ]
631

Almost all organisations agree information sharing and collaboration are crucial elements in the fight against cybercriminals. That’s a majority as high as 91% according to respondents from recent research. With so many in favour of teaming up, it looks like a united approach to cyber security could, at last, be on the cards.  And yet, the study also reveals 70% of participants said their organisations could share more threat intelligence, and only 23% thought they are currently sharing the right amount of information. Interestingly, only 2% believed they were sharing too much. So, it appears there is some way to go before security teams are equipped to exchange information more readily.

The study indicates there are several factors holding back organisations from developing effective threat intelligence sharing strategies. Over 51% of respondents felt that people were a large part of the problem, suggesting a change of mindset is needed within IT departments.  Far fewer attributed lack of progress to processes (21%) and technologies (11%).  On the face of it, it’s not tools and procedures that are at fault.  However, more telling, was a scarcity of knowledge about Information Sharing and Analysis Centres (ISACs), with 28% unaware of their existence. While over half of those surveyed (53%) said their organisation chose not utilise an ISAC, missing out on vital security information to manage cyber risk across different industries.

Taking full advantage of ISACs and threat feeds

Ramping up awareness of ISACs would help promote collaboration and ensure security teams get access to these valuable knowledge centres. Otherwise, they are missing out on an extensive range of expertise and timely notification of threats and vulnerabilities.  From international coverage to country, or industry-focused, and niche specialisms, their scope is comprehensive although they have different collaboration models, governance, and methods of funding. While the structure of each one varies according to their areas of interest and whether the stakeholders are primarily from public or private sectors, they are all driven by the common goal of protecting their members from cyber threats.

Additionally, taking in threat feeds and mitigation advice from a comprehensive variety of sources helps reduce incident response times, containing or preventing attacks that might otherwise have been difficult to detect. Incorporating this level of intelligence into security programs can increase analyst efficiency and strengthen the overall security posture of an organisation. That’s assuming the data received can be utilised effectively. Here again the survey highlighted the gap between how organisations would like to operate and the reality of trying to consolidate silos of data. Nearly half the respondents (49%) said their organisations struggle to combine and derive actionable insights across multiple security feeds and tools, such as threat intelligence, SIEM, asset management, and vulnerability management platforms.

Extracting insights across teams and platforms

In these circumstances, effective integration of security data is imperative to cut out manual assimilation work and extract meaningful intelligence for security analysts.  By deploying a virtual solution, such as a cyber fusion platform, organisations can automate the consolidation of security data, breaking down silos.

Similar to a physical location, a virtual fusion platform brings security functions together to combine efforts to proactively defend an organisation from cyber threats. But unlike bricks-and-mortar, a unified platform enables geographically dispersed and remote teams to share systems, data, and intelligence including context.

By enabling seamless automation and orchestration across the entire technology stack, a virtual cyber fusion centre (vCFC) heightens collaboration between security functions as well as across engineering, and IT operations workflows, leading to measurably better security outcomes.

Adding AI into the mix will increase momentum still further, with over a third (35%) of organisations already citing its positive impact on threat intelligence sharing. Massive data-crunching capabilities will speed up processing, analysis, and dissemination of actionable insights. It will enable security teams to unlock the full potential of their internal threat intelligence and response capabilities. Furthermore, exchanging such knowledge within sharing communities will empower others to protect themselves too.

Overcoming inertia by supporting collaboration

However, there may still be some work necessary to overcome inertia as, currently, teams least likely to share threat intelligence with other departments are DevOps (31%), followed by SecOps (17%), Threat Intelligence (16%) and ITOps (15%). And, only 21% of teams share intelligence in real-time, 23% do so day-to-day, 17% weekly and 14% monthly.

With this in mind, business leaders will need to take action to fix any disconnect that exists between IT teams, or risk diluting the effectiveness of their cybersecurity initiatives. Organisations cannot afford to take a disjointed approach to cybersecurity, when there are scalable, integrated alternatives available.

Proactively supporting collaboration with like-minded communities will expand security knowledge and awareness across all sizes of enterprise. By breaking down the barriers that are stalling information sharing will help organisations continuously adapt and strengthen their cyber defences. Couple this with powerful new technology, like AI, to enable widespread, real-time sharing and security teams will be even better prepared to counteract cyberattacks swiftly and decisively.

Ad

No posts to display