June 16, 2015
Jason Trost

Threat Intelligence Platforms Should Encourage Sharing not Erode Trust

<p>There have been numerous high profile data and intellectual property breaches this year. In fact, multiple breaches are being announced almost every month.  One trend you may have noticed is ThreatStream as an organization has not commented about the specifics of these unfortunate events.  In addition, we have neither created posts nor worked with media to speculate about how these breaches occurred. ThreatStream has also not publicly shared indicators about these breaches for the purpose of marketing and PR like other vendors have. <br/> <br/> <em><strong>There is a reason for our absence.  </strong></em></p><p>ThreatStream believes that Threat Intelligence Platforms (TIP) should stay out of these marketing and PR campaigns about breaches especially when the victims are not the ones sharing the information.<br/>  <br/> When vendors create speculative marketing and PR campaigns about breaches without the victim’s cooperation, it sends mixed messages to the security community about the privacy of Threat Intelligence Platforms. For instance, the current media blitz intimates:</p><ul><li>Your sensitive intelligence and indicators could be used for marketing and PR campaigns</li><li>Breach blog posts are fine as long as they don't involve the platforms’ customers.</li></ul><p>Neither of these messages are acceptable. They will destroy the incentive for organizations to share sensitive information - when sharing is most valuable to the greater community.  TIP vendors that capitalize on a breach by exposing indicators and speculating without the victim’s cooperation, erode the trust that is required for these platforms to succeed.  These platforms should make their users feel comfortable sharing data at the appropriate TLP level and users should feel confident their data will not be used for a marketing and PR campaigns.<br/>  <br/> TIPs should encourage sharing intelligence within controlled communities of trusted and vetted users.<br/>  <br/> TIPs should not leverage data from their platforms for marketing and PR if it erodes trust.<br/>  <br/> Users of TIPs should not be worried their data will be made public for marketing and PR campaigns.  This will only hinder sharing - which ultimately hurts the overall security of our community.</p><p>At ThreatStream, we commit to our customers and the security community:</p><ul><li>We will not publicly comment on breach investigations unless the victim of the breach explicitly approves us to share what we know publicly.</li><li>We will not publicly speculate on how a breach was conducted or provide indicators/intelligence that lead to more speculation.</li><li>We will not use data from our platform or from our users for marketing and/or PR purposes when its use could erode the trust of our users.</li><li>We will continue to work with our vetted community, providing them with the most up-to-date intelligence to aid in their security investigations, monitoring, and prevention efforts within the appropriate channels as we have been doing since our inception.<br/>  </li></ul>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.