bird cage for blog

Buying A Feed Is Not ‘Information Sharing’

Kobi Freedman Enterprise

The Fundamental Difference Between Consuming Intelligence & Sharing It

The rapid evolution of threat intelligence solutions over the last few years along with the increasing awareness of advanced threats to organizations has created muddle, confusion  and false assumptions about what problems are solved through which product offering. For example,  many CISOs falsely assume that purchasing an intelligence feed will also provide the necessary solution for for their information sharing needs.

Though many intelligence feed vendors provide very useful and valuable information, all vendors are challenged by the need for constant updates, achieving low false-positive rates and relevancy to the customers. These challenges led many feed providers to offer ‘information sharing’ hubs and declare that they have the best actionable intelligence feed based on ‘collaboration’ which will provide feedback, create context and thus reduce false positive rates.

Unfortunately in actual fact, no one really uses theses vendors’ collaborative offerings in any meaningful way, mainly due to lack of trust in those platforms. It is no surprise and very reasonable to assume (and fear) that  if you purchase intelligence from a feed vendor, the data you share through this platform will eventually be acquired by someone else.

Your Data May Well End Up In Someone Else’s Feed

When you provide your sensitive data to a centralized hub you need to take into consideration that your data might end as someone else’s feed. All threat intelligence providers are based on data commercialization models which rely on constant data gathering and reselling. Using those sharing ‘hubs’ exposes the data to the vendor and naturally, to the other hub users as well. More about this in our previous blog on ‘Who owns your data’.

Information sharing is indeed crucial for better intelligence, mitigation and remediation. Therefore,  as security experts we need to distinguish between data that we can share in places which could end up exposing the data to unintended parties, and data which must remain discreet either for regulation, privacy or sensitivity reasons.

Starting Point For Effective Information Sharing

As part of the evolving regulatory ecosystem in the US and globally, every enterprise and every CISO will need to develop and embrace a cyber-related sharing strategy. The starting point in forming this strategy is understanding your data sensitivity, regulatory implications in terms of privacy, data protection, TBDF (Trans-Border Data Flows) limitations, your specific sector regulations and self compliance standards. Only after mapping those implications can you move onto designing the ecosystem of tools and processes you need to enable your organization to share information effectively.

The following two tabs change content below.
Kobi Freedman

Kobi Freedman

Founder & CEO at Comilion
Kobi Freedman is the Co-Founder and CEO of Comilion, pioneering the collaborative security segment by developing an infrastructure for exclusive sharing networks in regulated and highly sensitive environments. Kobi has been immersed in the cyber security arena for over 15 years. Starting out in the IDF and following on with private sector, he participates in numerous Israeli and global policy workgroups that set the standards for cyber defense.