There are many ways to derive value out of threat intelligence, whether it be through a full threat intelligence platform, ingesting threat feeds, or simply leveraging threat intelligence features found in common security tools. One of the less adopted ways to benefit from threat intelligence is to share this information with other groups, which helps to reduce response time to events and enact preventative measures.
Industry-centric and government-led initiatives have led to a dramatic increase in the sharing of threat intelligence between governments, private organizations, and industries. Some of these include:
There are two types of sharing, each defined by who is sharing the information.
Unidirectional threat intelligence sharing - One entity produces and shares threat intelligence that others consume, and those consuming the intelligence do not contribute in return. Examples of unidirectional threat intelligence sharing include:
Bidirectional threat intelligence sharing - Intelligence is sent down to be consumed but can also be ingested from member organizations. Although sharing is allowed and encouraged in these programs, there is no guarantee that every organization will share anything.
Although threat intelligence is undoubtedly valuable, there are a few common concerns preventing organizations from engaging in sharing:
Whether your organization is already actively sharing intelligence or hasn’t begun doing so yet, here are some tips on where to get started or ways to enhance sharing that is already happening: