Threat Intelligence-Austausch

The Cyber Defence Alliance (CDA) is a non-profit public private partnership that works collectively and collaboratively across the financial sector and law enforcement to pro-actively share information to fight cybercrimes and threats. They analyse information turning it into actionable intelligence for industry and law enforcement. The CDA is led by industry for industry, with the rationale that an attack against one bank is an attack against all and that security is not a competitive advantage. The cornerstone of the CDA is trust and trusted relationships, which leads to the sharing of information and resources.

Intelligence sharing communities are recognized as one of the best defenses against cyber threats and attacks. And organizations are no longer alone in this hostile environment – members are ‘trust-sourcing’ threat indicators for analysts to research, scrub and anonymize, yielding actionable intelligence for dissemination in real and near-real time. Energy Analytic Security Exchange (EASE) provides intelligence and information sharing services to utilities companies and organizations related to the electric grid.

The Energy Sector Security Consortium, Inc. (EnergySec) is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures. Through our membership program, we support collaborative initiatives and projects that help enhance the cybersecurity resiliency of these organizations. Today, our community includes more than 5000 individuals representing more than 500 organizations. The development of the EnergySec information sharing efforts and workforce development remain a key focus areas of EnergySec as it continues to develop programs and other efforts to meet the needs of the energy sector into the future.

Global Resilience Federation supports and connects intelligence sharing communities. GRF is a not-for-profit intelligence provider and hub for cyber and physical threat sharing between ISACs, ISAOs and CERTs from many different sectors and regions around the world. Many industries have their own threat sharing organization, but threat actors no longer target sectors one at a time. Malicious campaigns often infiltrate many industries at once, or use one to backdoor into another. GRF creates new sharing communities, and connects existing industries to broaden their security footprint and provide for the common defense.

H-ISAC is a trusted community of critical infrastructure owners and operators within the Health Care and Public Health sector (HPH). The community is primarily focused on sharing timely, actionable and relevant information with each other including intelligence on threats, incidents and vulnerabilities that can include data such as indicators of compromise, tactics, techniques and procedures (TTPs) of threat actors, advice and best practices, mitigation strategies and other valuable material. Sharing can occur via machine to machine or human to human. H-ISAC also fosters the building of relationships and networking through a number of educational events in order to facilitate trust. Working groups and committees focus on topics and activities of importance to the sector and services such as CYBERFIT® offer enhanced services to leverage the H-ISAC community for the benefit of all.

The Investment Association (IA) of the UK is helping its members in the fight against cybercrime with IA-TITAN, a threat intelligence sharing community powered by Anomali that enables members to centralize a range of data and intelligence on UK-relevant cyber hazards and risks from their asset management industry peers, law enforcement, and government agencies.

Legal Services Information Sharing and Analysis Organization (LS-ISAO) is a member-driven community that shares threat and vulnerability information among member firms for their mutual defense. To prevent and respond to cybersecurity incidents, it also partners with leading sources of threat intelligence including other sharing communities, governments, and private security vendors. In daily practice, firms work together with in-house ISAO analysts to enrich and share actionable security information to secure firm systems, IP and client data. LS-ISAO and its partners exchange an average of 4,500 reports per year, on topics ranging from phishing campaigns and ransomware threats, to BEC attacks and APT activity. Its automated sharing platforms have access to million of Indicators of Compromise that are parsed into tens-of-thousands of industry-specific threat indicators every month.

The Multi-State Information Sharing and Analysis Center® (MS-ISAC®) is the U.S. Department of Homeland Security’s (DHS) recognized resource for collaborative cyber information sharing and analysis among U.S, State, Local, Tribal, and Territorial (SLTT) government entities. CIS® is home to the MS-ISAC. The MS-ISAC is a voluntary and collaborative effort based on a strong partnership between CIS and the Office of Cybersecurity and Communications within DHS. The MS-ISAC has been designated by DHS as the key resource for cyber threat prevention, protection, response and recovery for the nation’s SLTTs. Through its state of-the-art 24x7 Security Operations Center, the MS-ISAC serves as a central resource for SLTT cybersecurity situational awareness and incident response.

The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

With the rise of cyber threats to Oklahoma, the Office of Management and Enterprise Services (OMES) has established the Oklahoma Information Sharing and Analysis Center (OK-ISAC). The main objective of the Center is to mitigate cybersecurity risks across Oklahoma by providing real-time monitoring, vulnerability identification, incident response and threat intelligence to its members and partners. The OK-ISAC will enhance information sharing across Oklahoma and improve cyber resilience at all levels of participation—local, regional and national.

SANS Institute is the most recognized and trusted resource for cybersecurity training, and certification. SANS Affiliate Program is a comprehensive partnership with SANS, focused on educating and enlightening the SANS community on their latest services and techniques.

UBF-ISAC aims to enhance the understanding of threat intelligence, showcase the value of collaboration, and provide ongoing training. The ISAC is powered by the Anomali ThreatStream platform, which helps to order and interpret the ever-growing amount of threat data available to organizations from internal and third-party sources. Founding members include HSBC, CBD, ADCB, Barclays, CBI, Citibank, ENBD, FAB, Mashreq, Noorbank, SCB, ADIB, and NBF. Professional body UBF and the ISAC is set to grow in a phased approach to encompass all UBF’s member banks.