Introducing Private Enclaves: Targeted Incident Exchange Collaboration within TruSTAR

This week TruSTAR is excited to introduce Private Enclaves, a new feature that allows you to create a private group within TruSTAR for targeted incident exchange and collaboration. Reports submitted to an Enclave are only shared with members within that private group and correlated with other Enclave reports. All Enclave activity is only visible to members of that Enclave. Members of the Enclave can choose to remain anonymous or share as much attributable information as they want, given the higher level of trust within the private group.

Choose Share With Enclave Option During Submission

Enclave Reports Have an Orange Bar Next to them

The purpose is simple: enable TruSTAR customers that have something in common — an enterprise, a supply chain, an industry or even a risk profile — to form private groups to exchange and collaborate on incident information of specific interest to them all. However, this does not preclude Enclave members from viewing relevant reporting from the wider TruSTAR community. TruSTAR will correlate Enclave member reports with other incident reports shared by the TruSTAR community and show pertinent correlations. You can then elect to share an incident more broadly in order to gain greater context.

Constellation shows correlations with relevant community reports

So how can you use Enclave?

Large organizations often have pertinent threat or incident information siloed within specific departments or across subsidiaries that may be first alerted to a problem. Sometimes there is a delay in exchanging information either because the relevance to others is not immediately recognized or simply because filing a report takes an understandable back burner to solving the problem. TruSTAR members can now form an Enclave within their own enterprise to ensure that the security, fraud, abuse and other associated teams collaborate as quickly as possible when an incident occurs. This not only streamlines reporting, but since all incidents submitted to the Enclave are correlated, it also automates some of the detective work needed to determine whether seemingly disparate events may be related and helps prioritize those incidents that may have the broadest operational impact.

This level of cooperation and collaboration among trusted affiliates can be extended even further. TruSTAR Enclaves can also be a cost- and time-efficient means of managing third-party risk and reducing the success rate of strategic, multi-step secondary attacks.

Whether it be spear phishing to gain access to user credentials and then using those credentials to abuse a web application, or attacking a point-of-sale system by first compromising some secondary system, multi-step attacks that involve more than just a single victim seem to be on the rise. The attack on Target, which first compromised one of its smaller partners who had limited access to its external billing system, is the most high-profile, and one of the more damaging, examples of such a third-party attack. This kind of strategic secondary attack is extremely worrisome for security executives who understand that no matter how advanced their security team may be, their company is part of a much larger ecosystem over which their direct influence only extends so far.

“In 70% of the attacks where we know the motive for the attack, there’s a secondary victim.” — Verizon 2015 Data Breach Investigations Report

But now, executives can invite their key suppliers and partners to TruSTAR and form an Enclave to exchange incident information among their partner ecosystem. Larger companies, who may be the primary targets of a secondary attack, can use their often deeper security expertise to provide early warning of troubling attack patterns to those in their ecosystem, as well as quickly learn when key partners are targeted or compromised so they can be proactive in adjusting their defenses. For large companies with sophisticated security operations, sharing incident information is one way to extend your reach and bolster the security expertise of your smaller suppliers who may not have access to the same defensive resources. Further, the availability of incident data combined with the power of TruSTAR’s correlation technology can provide unprecedented visibility into attack patterns across seemingly disparate targets within your partner ecosystem and the broader TruSTAR community. The goal is to help you identify and mitigate potential multi-step, secondary attacks on your business before the damage is done.

Enclaves are easy to set up and manage. Current and potential customers simply need to contact TruSTAR to get started. We can’t wait to work with our customers to see what other use cases they uncover for this flexible platform feature. Contact us today to learn more or sign up.

For a more detailed FAQ please visit the TruSTAR wiki.
