The Fundamental Difference Between Consuming Intelligence & Sharing It
The rapid evolution of threat intelligence solutions over the last few years along with the increasing awareness of advanced threats to organizations has created muddle, confusion and false assumptions about what problems are solved through which product offering. For example, many CISOs falsely assume that purchasing an intelligence feed will also provide the necessary solution for for their information sharing needs.
Though many intelligence feed vendors provide very useful and valuable information, all vendors are challenged by the need for constant updates, achieving low false-positive rates and relevancy to the customers. These challenges led many feed providers to offer ‘information sharing’ hubs and declare that they have the best actionable intelligence feed based on ‘collaboration’ which will provide feedback, create context and thus reduce false positive rates.
Unfortunately in actual fact, no one really uses theses vendors’ collaborative offerings in any meaningful way, mainly due to lack of trust in those platforms. It is no surprise and very reasonable to assume (and fear) that if you purchase intelligence from a feed vendor, the data you share through this platform will eventually be acquired by someone else.
Your Data May Well End Up In Someone Else’s Feed
When you provide your sensitive data to a centralized hub you need to take into consideration that your data might end as someone else’s feed. All threat intelligence providers are based on data commercialization models which rely on constant data gathering and reselling. Using those sharing ‘hubs’ exposes the data to the vendor and naturally, to the other hub users as well. More about this in our previous blog on ‘Who owns your data’.
Information sharing is indeed crucial for better intelligence, mitigation and remediation. Therefore, as security experts we need to distinguish between data that we can share in places which could end up exposing the data to unintended parties, and data which must remain discreet either for regulation, privacy or sensitivity reasons.
Starting Point For Effective Information Sharing
As part of the evolving regulatory ecosystem in the US and globally, every enterprise and every CISO will need to develop and embrace a cyber-related sharing strategy. The starting point in forming this strategy is understanding your data sensitivity, regulatory implications in terms of privacy, data protection, TBDF (Trans-Border Data Flows) limitations, your specific sector regulations and self compliance standards. Only after mapping those implications can you move onto designing the ecosystem of tools and processes you need to enable your organization to share information effectively.
Latest posts by Kobi Freedman (see all)
- Data Sharing Technology Revolutionizes Healthcare - March 14, 2016
- Data Sharing Gets a Ride: How Popular Ride-Sharing Apps Influence Policy On Sharing - March 1, 2016
- Data Ownership Questions Answered by Decentralized P2P Platforms - February 18, 2016