- CISO Series Newsletter
- Posts
- 07-02-20 - I'll Show You My Threat Data If You Show Me Yours
07-02-20 - I'll Show You My Threat Data If You Show Me Yours
I'll Show You My Threat Data If You Show Me Yours
This week's episode of Defense in Depth
Shared Threat Intelligence
On this episode of Defense in Depth:
Co-host Allan Alford and sponsored guest, Joel Bork, senior threat hunter, IronNet Cybersecurity, discussed:
We all benefit from sharing threat intelligence, so why don't we do it?
If threat data is public, is it useful? The argument is that if the good guys know about the threat intelligence, then all the bad guys know as well. But that's if it's in a public forum.
If threat intelligence was shared in a more rapid, comprehensive, and secure manner it would have more utility.
Sometimes the "intelligence" a company first gets is just a data feed.
There has to be a greater discussion of the risks of sharing as compared to the upside. Often, it's so easy to shut the doors and not share with the benefit never calculated into the equation.
When an organization is in the middle of their security maturity curve, they hold all their data as close to their chest as possible. As they continue on their journey and continue to learn lessons along they way, they begin to understand that collaboration will help the community as a whole - including themselves.
Threat data is really not what professionals need. What they need is intelligence. And this requires a way to onboard and make sense of the data on its own and in aggregate and over time.
Each of us are collecting different pieces of the threat landscape puzzle. If someone doesn't provide their piece, then we have an incomplete puzzle and there are now holes in our knowledge and ability to protect ourselves.
Threat intelligence does not hold the same weight for every user. What's valuable to someone may not be of value to another. And you may be holding onto that data that you don't necessarily think is valuable.
You want threat intel to be actionable, not necessarily responding automatically.
We spoke of threat intel with the analogy of animals traveling in herds for protection. The attackers often pick off the weak ones, but when everyone is working together, the stronger animals can actually protect the weak.
Even with everything we know and value with shared threat intel, there is still a ton of paranoia around sharing. While there is lots of discussion about data not being identifiable, most choose to opt out of sharing threat intel.
Thanks to this week's sponsor of Defense in Depth, IronNet Cybersecurity.
To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on
.
Upcoming CISO Series Video Chats
Next Friday [7-10-20] Hacking Passwords
for an hour of critical thinking on eliminating password failure and improving access with my guests Ori Eisen, CEO, Trusona and Alex Manea, former CSO, Blackberry and now chief security and privacy officer, Georgian Partners.
As always We'll have an active chat room and we'll be playing our best bad idea game, "Department of YES". And it all starts at 10 AM PT/1 PM ET.Huge thanks to our sponsor, Trusona.Register for our future Friday video chats.7-17-20: Hacking Active Directory7-24-20: Hacking Automation
Best Moments from “Hacking Tool Optimization” Video Chat
Here are seven minutes of the best moments from “Hacking Tool Optimization: An hour of critical thinking on improving the efficiency of your security products”.
To watch the entire video chat and see the discussion, go here. Check out the blog post to watch the video highlights, plus a few notable bad ideas and the best quotes from the chat room.
Joining me in the discussion were Chris Kennedy, CISO, AttackIQ and Craig Goodwin, chief trust & risk officer, Fujitsu.
SUBSCRIBE TO BOTH PODCASTS
Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.
If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.