Page 39 - Cyber Warnings
P. 39
5. What can we share with and learn from other companies in our industry?
Attackers learn from each other. But many organizations do not share threat data IOCs with one
another. The reasons for not participating in an evaluated, trusted circle are many, but most
have to do with fear. Not wanting to let others know that you may have experienced a breach
and they liability around sharing are the two we hear the most often.
Not sharing information doesn’t lead anyone to think you’ve never had an incident or been
breached. A good threat intelligence platform provides a trusted link to a wealth of knowledge
from other companies in your industry vertical or across a supply chain. Sharing should be
encouraged.
Summary
Making threat intelligence data useful requires a robust threat intelligence platform that can off-
load correlation IOCs with log data from the SIEM. A proactive approach to cyber security
means finding threats before they become a problem.
This is a necessary step for making tens of millions of active IOCs useful for threat hunting. This
tactic is effective and aligned across threat analysts, SOC personnel and incident responders.
Make everyone a threat hunter by unleashing your entire security team’s creativity but keep it
efficient through active prioritization and inside the bounds of what matters to the organization.
About the Author
Mark Seward, a Certified Information Systems Auditor (CISA), has more than 15 years of
experience as a security practitioner and has held a number of leadership positions in product
management.
Prior to joining Anomali, Seward served as the senior director, security and compliance, at
Splunk, where he was responsible for security use-case messaging for the company's real-time
operational intelligence product. His tenure has also included positions at Symantec, Qualys
and LogLogic.
Mark has a Master of Science degree in information technology from the University of Maryland
and holds a federal chief information officer certification.
39 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
