December 2, 2015
Colby DeRodeff

Sharing Threat Intelligence: Why and How

<p>Threat intelligence is one of the biggest buzzwords in the security landscape. Although not new, in some ways, it is still a developing technology. As hackers become more sophisticated, so must our defenses. And, threat intelligence provides the best hope of staying on top of—and perhaps ahead of—cyber threats.</p><p><strong>Getting the Best Intelligence</strong></p><p>Forget “less is more” and “the more the merrier”—they don’t apply here. When it comes to threat intelligence and data, it is really about quality over quantity. All the data in the world is useless if you are unable to understand and analyze it.</p><p>Threat intelligence is on track to be the <a href="$FILE/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime.pdf"><strong>single most effective and popular form of cyber attack </strong></a>prevention, by taking internal and external data and aggregating it into a vast resource of usable information. Information sharing is the basis of this security solution—this is what enables us to be nimble and efficient. Acting on credible information from many sources as opposed to just your on-premise security gives you the edge you need against cyber attacks.<br/>  </p><p><strong>The Needs of All is Greater Than One</strong></p><p>There is no doubt that pooling resources creates a stronger barrier against threats, but is information sharing realistic? Due to fears of vulnerability and bad publicity, many organizations choose to fight security threats individually and stay tight-lipped about breaches. But as the criminal element and threat groups begin to work together sharing tools such as malware, we too, must work together.</p><p>When a business or organization has experienced a cyber attack, they learn highly valuable information that can be used to help others. Getting past fear and ego is the only way for security professionals to work together to create a united, proactive front.<br/>  </p><p><strong>Sharing is Caring</strong></p><p>Now that you understand why sharing is so critical, it’s time to explore how to go about sharing data. A threat intelligence platform allows information-sharing and promotes collaboration amongst cyber defenders. It is more than just a simple exchange of data; it must be timely, pertinent, and accurate. It also must allow organizations to sort and analyze data based on their industry, specific concerns or vulnerabilities.</p><p>While STIX or TAXII are free and community-driven, sharing information via these still must be done manually, which is time consuming and leaves room for error. Implementing an automated sharing tool eliminates human error, particularly when using a<a href=""><strong> high-level integration tool</strong></a> that allows you to take advantage of STIX/TAXII-derived information as well as that gathered via threat intelligence. ThreatStream is currently the only threat intelligence platform that is intended to serve all levels of an organization, fostering an in-house, team-based approach as well as a community-based information-sharing methodology.</p><p>So, once you have decided that information-sharing for the greater good of cybersecurity is right for your business, be sure to select a tool that simplifies and facilitates that process for you. For more information, <a href="{page_3458}"><strong>keep reading here</strong></a>.</p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.