Page 26 - Cyber Defense eMagazine - December 2017

There are also some organizations that fear the possibility of revealing a breach, which makes them reluctant to contribute to threat sharing initiatives. The reality is that while it may not be ideal for other organizations to know you’ve been compromised, it’s important that you spot a breach sooner rather than later, even if that comes through intelligence sharing. Pushing out breach details quickly can help bring quicker answers to incident response challenges thanks to the additional resources from other organizations adding their skills and expertise to the event.


For organizations that are hesitant to share intelligence but are looking for simple ways to contribute, there are a wide variety of options. A simple first step is identifying tools and communities you can leverage. ISACs are easy to get involved in and typically have mechanisms in place to ease threat sharing. You can also establish partnerships beyond your vertical through localized entities such as Fusion Centers or use standards like STIX and TAXII to streamline the process of sharing. There are a number of free tools available that can help you to both contribute to and receive from common threat feeds.


By democratizing threat intelligence, organizations can pass information more quickly, make better judgements and deliver more insightful analysis to stakeholders and intelligence consumers. Changes to malware, infrastructure, new tools, new techniques, actor behaviors, campaigns, and other intelligence-related details can all become quickly known across a multitude of organizations. Ultimately, the bad guys may be trying to compromise single organizations but are battling a collective in the process.


About the Author

Travis Farral is the Director of Security Strategy at Anomali. He has a degree in Electrical Engineering Technology from Devry Technology Institute. He holds numerous security certifications, including CISSP, GPEN, GSEC, GCFA, GCWN, GCIA, GCIH, MCITP - Enterprise Administrator, and MCITP - Server Administrator, and can be reached either at Anomali or on LinkedIn here:

https://www.linkedin.com/in/travisfarral/




Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.