Knock Knock, Who’s there? Threat Intel!
Tactics, T • Feb 28, 2019
When it comes to Cyber Threat Intelligence (CTI), the focus should be not only on the collection of information from various sources but also on sharing crucial threat information among peers.
When an organization is targeted by cybercriminals, the security teams respond and mitigate the threat by gathering key insights about the threat actors and their TTPs, and then taking the right measures to block them. If the threat information and other insights gained by the security team are shared with peer organizations, government agencies, sectoral ISACs, customers, vendors, and other ecosystem partners, then it can help them avoid the threat in advance.
However, most organizations are quite restrained when it comes to sharing threat information. Due to the complex multi-stakeholder environment, organizations often follow a lengthy process before releasing any details about a cyber incident. The reputation of public or private organizations can also be affected by the disclosure of such details.
This limits collaboration between security teams from various organizations, as they cannot communicate and prevent further incidents across the industry without sharing any threat information. The efficacy of CTI operations is also impacted by such circumstances.
To address this crucial issue, Cyware Threat Intelligence eXchange (CTIX) now enables members to share threat intel from a variety of sources, through anonymous submissions at the click of a button. The automatic anonymization ensures that the platform does not store any information related to the member who shares the information, thus keeping them completely anonymous.
It should be noted that anonymizing the information and the identity of the source is a well-known concept practiced by most organizations while sharing threat information. However, this used to be done manually by the analysts at the Security Operations Center (SOC). With this new feature, each CTIX-based TAXII client will be able to automatically anonymize the information before sharing it with the central hub, thus protecting the organization's identity before any information leaves their perimeter.
Since CTIX provides a hub-and-spoke model for intel sharing, any member can share Indicators from their Intel Feed to all other members connected to the same hub.
With the Anonymous Submissions feature, members can share Indicators, Vulnerabilities, TTPs, Malware, or any other intel, without fear of identity exposure or attribution. Members can also share custom STIX packages and collections from the rules created for tracking threats via anonymous submissions.
Anonymity ensures that an organization does not feel apprehensive due to the risks associated with sharing their identity while communicating threat information with others. Thus, CTIX now further boosts collaboration in CTI operations through anonymous information sharing, removing the risk to an organization’s reputation.
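One way to picture the anonymization step described above, as an added Python example (not Cyware's or CTIX's code): it strips the producer identity, `created_by_ref` and custom `x_` properties from a STIX 2.1 bundle and re-issues object IDs while keeping relationships intact. The sample bundle, the function names and the choice of fields to strip are assumptions for illustration; free-text fields such as descriptions are not scrubbed.

```python
import copy
import uuid

ORG = "identity--22222222-2222-4222-8222-222222222222"
IND = "indicator--33333333-3333-4333-8333-333333333333"
MAL = "malware--44444444-4444-4444-8444-444444444444"
TS = "2019-02-28T00:00:00.000Z"
SAMPLE = {"type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111", "objects": [
    {"type": "identity", "id": ORG, "created": TS, "name": "Example Bank SOC"},
    {"type": "indicator", "id": IND, "created": TS, "created_by_ref": ORG,
     "pattern": "[domain-name:value = 'bad.example']", "x_ticket": "IR-0001"},
    {"type": "malware", "id": MAL, "created": TS, "created_by_ref": ORG, "name": "ExampleLoader"},
    {"type": "relationship", "id": "relationship--55555555-5555-4555-8555-555555555555",
     "created": TS, "created_by_ref": ORG, "relationship_type": "indicates",
     "source_ref": IND, "target_ref": MAL},
]}  # constructed sample with trimmed objects, not real intel


def _new_id(stix_id):
    # Keep the type prefix, swap the UUID so the object cannot be matched to an earlier copy.
    return f"{stix_id.split('--', 1)[0]}--{uuid.uuid4()}"


def anonymize_bundle(bundle):
    """Return a copy of a STIX 2.1 bundle with producer-identifying data removed."""
    objects = copy.deepcopy(bundle["objects"])
    # Assumption: any identity named in created_by_ref is the submitting organization.
    creators = {o["created_by_ref"] for o in objects if "created_by_ref" in o}
    kept = [o for o in objects if o["id"] not in creators
            and not {o.get("source_ref"), o.get("target_ref")} & creators]
    # Re-ID only SDOs/SROs (they carry "created"); SCO and marking IDs stay stable.
    id_map = {o["id"]: _new_id(o["id"]) for o in kept
              if "created" in o and o["type"] != "marking-definition"}
    for obj in kept:
        obj.pop("created_by_ref", None)
        for key in [k for k in obj if k.startswith("x_")]:
            del obj[key]  # custom properties may hold internal ticket or asset names
        obj["id"] = id_map.get(obj["id"], obj["id"])
        for key, value in obj.items():
            if key.endswith("_ref"):
                obj[key] = id_map.get(value, value)
            elif key.endswith("_refs"):
                obj[key] = [id_map.get(v, v) for v in value if v not in creators]
    return {"type": "bundle", "id": _new_id("bundle"), "objects": kept}
```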