Things are really gearing up in the security industry around the concept of security collaboration and threat intelligence sharing. We are aware of the importance of threat intelligence in mitigating the increasing sophistication of cyber threats; 75% of firms see this as a top priority, according to Forrester research. However, the sharing of this threat intelligence data is now also starting to be understood as a vital part of our arsenal against the cybercriminal gangs that are springing up.
Several analysts specialising in the area of security intelligence sharing have identified this as a strategy that can truly optimise gathered information on security issues and threats. Christina Richmond of IDC, for example, has described the concept of sharing security information: “Threat intelligence is essentially a community activity.” This view of the new security strategy is being borne out by expected market spend of around $1.4 billion by 2018.
The analysts are not alone. The U.S. federal government directive, the Cyber Information Sharing Act (CISA), has been enacted to encourage cyber security intelligence information sharing both between the US government and the private sector and amongst private companies themselves. However, it is all well and good to have analysts and government officials decide that we should be sharing information between our organizations; the trouble is: can we do it in a secure way, with privacy upheld?
A Strategy for Sharing
The first thing is to get your own house in order. One of the main issues that is preventing, or at least obstructing, threat intelligence sharing, is fear. Fear of releasing the wrong data, fear of sensitive information being released to the wrong company or person and fear of overexposure.
KYD: The first line that must be drawn in the sand is to Know Your Data. The four tenets of your security data processes are:
- What data you have
- Where that data is stored
- Where that data goes
- Who it goes to
One way to understand the interconnectedness of your security data and how it flows is to create a data map. You can use a variety of software tools to do this, including Visio. Using these tools you can create a simple overview of the four tenets of KYD.
Once you have an understanding of KYD you can then apply asset categories to your data. This lets you easily identify the security status of the data, its sensitivity, any privacy issues that may exist for that specific data and its importance to the organization (for example, whether it is intellectual property).
KYA: The next part of the challenge is to Know Your Actors. This lets you determine who your key players in the security data processing chain are. This should include all operators, including stakeholders throughout the extended chain.
The next important stage is to bring KYD and KYA together by mapping them. As part of this exercise, you should create a data repository. This repository needs to work on a privileged access basis. This mapping exercise should encompass all stakeholders within your data process and risk value chain; this includes employees, consultants, supply chain members, external service providers, managers and your customer base.
Mapping is a process that looks at how each of these stakeholders impacts the data process itself. Mapping helps you to evaluate the regulatory exposure you have in terms of compliance standards such as data protection liabilities, SOX, Basel and so on. It also allows you to look at any privacy implications you might encounter, and even gives you a view of any antitrust law issues that may reveal themselves when sharing these data.
A Secure Sharing Architecture
Once you understand the details of your assets and have mapped their privileges, you can begin to create an environment in which you can share threat data. These data will flow both ways: outwards from your organization to others, and inwards from other associated companies. To prepare for this you need to have the right type of architecture in place. This architecture is a ‘sharing eco-system’. The eco-system is built on the ability to serve multiple sharing streams, in different communities, serving all the different data sourcing functions in the organization, while maintaining a high level of security and supporting Privacy by Design (PbD) principles. This means that information is released on a need-to-know basis, using privileged access rights based on recognised data ownership.
Ultimately, a platform that allows this two-way flow of potentially sensitive data needs to be aligned with regulation. The architecture needs to manage this fundamental requirement using audit and MI reporting. This not only allows you to maintain security and keep watch over the data flows, but it also allows fine tuning of the system by reacting to audit results and changing parameters to improve the overall handling of data – in other words, you have a way to measure the effectiveness of the shared threat intelligence.
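The sketch below is an added example, not code from the original article or from any product it describes. It models the KYD/KYA map as a release gate that denies by default, checks data-owner approval, need to know, privilege and personal data, and keeps an audit trail that can be summarised for reporting. All asset, actor, community and category names are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "restricted": 2}  # assumed asset categories

@dataclass(frozen=True)
class Asset:            # KYD: what the data is, where it lives, who owns it
    name: str
    stored_in: str
    category: str
    owner: str
    personal_data: bool = False

@dataclass(frozen=True)
class Actor:            # KYA: who receives data, and what they need
    name: str
    community: str
    clearance: str
    needs: frozenset = frozenset()

@dataclass
class SharingGate:
    assets: dict
    actors: dict
    audit: list = field(default_factory=list)

    def release(self, asset_name, actor_name, approved_by):
        asset, actor = self.assets.get(asset_name), self.actors.get(actor_name)
        if asset is None or actor is None:
            reason = "not in data map"            # unmapped means deny by default
        elif approved_by != asset.owner:
            reason = "not approved by data owner"
        elif asset.name not in actor.needs:
            reason = "no need to know"
        elif LEVELS[actor.clearance] < LEVELS[asset.category]:
            reason = "insufficient privilege"
        elif asset.personal_data:
            reason = "personal data not removed"  # Privacy by Design check
        else:
            reason = "released"
        self.audit.append((asset_name, actor_name, approved_by, reason))
        return reason == "released"

    def report(self):   # audit summary: outcome counts for tuning the rules
        return Counter(entry[3] for entry in self.audit)

def build_gate():       # constructed sample map; every name here is hypothetical
    assets = [Asset("phishing-iocs", "soc-repo", "internal", "soc-lead"),
              Asset("fraud-cases", "fraud-db", "restricted", "fraud-lead", True)]
    actors = [Actor("partner-bank", "finance-isac", "internal",
                    frozenset({"phishing-iocs", "fraud-cases"})),
              Actor("vendor-x", "supply-chain", "public")]
    return SharingGate({a.name: a for a in assets}, {a.name: a for a in actors})
```

Every decision, including denials, lands in the audit list, so the outcome counts from `report()` show which rule blocks the most requests.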
Moving Forward into the Sharing Eco-System
Threat intelligence sharing amongst industry partners is happening. A 2015 report into security collaboration by Enterprise Strategy Group (ESG) has shown that 45% of U.S. enterprises share threat intelligence data with other companies on occasion and 37% share this information regularly. The report also showed that more companies were looking to start sharing threat intelligence data. Sharing threat intelligence in a theatre of secure collaboration is a positive move forward in a landscape of sophisticated cybercriminals, who are only increasing their arsenal and upping their game. To compete we have to innovate; working together for a common goal is the pivot upon which this innovation will happen. Making sure that we do this from a standpoint of confidence in our own affairs gives us not only the freedom to share, but also the peace of mind to make optimal use of received shared threat intelligence for our own organizational benefit.