Blog Introducing Private Enclaves: Targeted Incident Exchange Collaboration within TruSTAR

Introducing Private Enclaves: Targeted Incident Exchange Collaboration within TruSTAR

Introducing Private Enclaves: Targeted Incident Exchange Collaboration within TruSTAR

This week TruSTAR is excited to introduce Private Enclaves, a new feature that allows you to create a private group within TruSTAR for targeted incident exchange and collaboration. Reports submitted to an Enclave are only shared with members within that private group and correlated with other Enclave reports. All Enclave activity is only visible to members of that Enclave. Members of the Enclave can choose to remain anonymous or share as much attributable information as they want, given the higher level of trust within the private group.

Choose Share With Enclave Option During Submission

Enclave Reports Have an Orange Bar Next to them

The purpose is simple: enable TruSTAR customers that have something in common — an enterprise, a supply chain, an industry or even a risk profile — to form private groups to exchange and collaborate on incident information of specific interest to them all. However, this does not preclude Enclave members from viewing relevant reporting from the wider TruSTAR community. TruSTAR will correlate Enclave member reports with other incident reports shared by TruSTAR community and show pertinent correlations. You can then elect to share an incident more broadly in order to gain greater context.

Constellation shows correlations with relevant community reports

So how can you use Enclave?

Large organizations often have pertinent threat or incident information siloed within specific departments or across subsidiaries that may be first alerted to a problem. Sometimes there is a delay in exchanging information either because the relevance to others is not immediately recognized or simply because filing a report takes an understandable back burner to solving the problem. TruSTAR members can now form an Enclave within their own enterprise to ensure that the security, fraud, abuse and other associated teams collaborate as quickly as possible when an incident occurs. This not only streamlines reporting, but since all incidents submitted to the Enclave are correlated, it also automates some of the detective work needed to determine whether seemingly disparate events may be related and helps prioritize those incidents that may have the broadest operational impact.

This level of cooperation and collaboration among trusted affiliates can be extended even further. TruSTAR Enclaves can also be a cost- and time-efficient means of managing third-party risk and reducing the success rate of strategic, multi-step secondary attacks.

Whether it be spear phishing to gain access to user credentials, and then using those credentials to abuse a web application, or attacking a point-of-sale system by first compromising some secondary system, multi-step attacks that involve more than just a single victim seem to be on the rise. The attack on Target, which first compromised one of its smaller partners who had limited access to its external billing system, is the most high-profile and one of the more damaging, examples of such a third-party attack. This kind of strategic secondary attack is extremely worrisome for security executives who understand that no matter how advanced their security team may be, their company is part of a much larger ecosystem over which their direct influence only extends so far.

“In 70% of the attacks where we know the motive for the attack, there’s a secondary victim.” — Verizon 2015 Data Breach Investigations Report

But now, executives can invite their key suppliers and partners to TruSTAR and form an Enclave to exchange incident information among their partner ecosystem. Larger companies, who may be the primary targets of a secondary attack, can use their often deeper security expertise to provide early warning of troubling attack patterns to those in their ecosystem, as well as quickly learn when key partners are targeted or compromised so they can be proactive in adjusting their defenses. For large companies with sophisticated security operations, sharing incident information is one way to extend your reach and bolster the security expertise of your smaller suppliers who may not have access to the same defensive resources. Further, the availability of incident data combined with the power of TruSTAR’s correlation technology can provide unprecedented visibility into attack patterns across seemingly disparate targets within your partner ecosystem and the broader TruSTAR community. The goal is to help you identify and mitigate potential multi-step, secondary attacks on your business before the damage is done.

Enclaves are easy to setup and manage. Current and potential customers simply need to contact TruSTAR to get started. We can’t wait to work with our customers to see what other use cases they uncover for this flexible platform feature. Contact us today to learn more or sign up.

For a more detailed FAQ please visit the TruSTAR wiki.

How to Get the Most out of Your Community Plus Toolkit TruSTAR is the Intelligence Management Platform that powers some of the largest ISAC/ISAO threat intelligence exchanges in North America.  Read More
Announcing TruSTAR Phishing Triage & New Intelligence Scoring Capabilities Today TruSTAR has launched Phishing Triage, a new suite of features designed to automatically ingest, extract, normalize, prioritize, and take action ... Read More
COVID-19 Intelligence Briefing: What Happens Next? TruSTAR recently held an intelligence briefing with leaders from IBM X-Force IRIS, BAE Systems, and Intel471 to discuss the threatscape surrounding ... Read More
COVID-19 Intelligence Briefing: What Makes You Vulnerable? TruSTAR recently held an intelligence briefing with leaders from IBM X-Force IRIS, BAE Systems, and Intel471 to discuss the threatscape surrounding ... Read More