How TruSTAR Aligns With Dark Reading’s 6 Steps for Sharing Threat Intelligence

Late last week, Steve Zurier of Dark Reading published an insightful article covering the 6 Steps for Sharing Threat Intelligence in collaboration with TruSTAR CEO Paul Kurtz.

Below are four key principles for threat intelligence sharing, as detailed in the article. 

  1. Information sharing is not altruistic. It’s not just about paying it forward; it’s about being an active participant in a collaborative environment from which you can (and will) see many benefits.
  2. Information sharing is also not about breach notification. By sharing earlier stage suspicions (not just post-breach data), you help keep others informed of things on your radar (and in return get the same insights from outside).
  3. Sharing data with other organizations about exploits and vulnerabilities is legal so long as you don't share personally identifiable information. There is a plethora of valuable information to share and receive that doesn’t involve PII, and government legislation is in place to support this.
  4. The sharing system must be easy to use. If it isn’t in the same workflow your analysts are already working in, it’s very unlikely they are going to participate. We’ve built sharing right into the same UI and processes our customers interact with to ensure it’s as simple as possible.

At TruSTAR we strongly believe we're the only TIP on the market that addresses each one of these steps within a single platform. Mature security organizations must be able to incorporate threat intelligence exchange data into their own organizations and the wider community. 

Here are six steps you can use to meet the above principles of information sharing. 

  1. Understand threat events you are seeing in-house. By ingesting full security events into their private enclave, TruSTAR customers ensure that what their analysts have seen and worked on in the past is presented immediately. We also break down internal silos of information by allowing correlations to security events and data seen by other analysts, teams, departments, offices, etc., so your organization functions as a unified team when performing analysis.
  2. Make more efficient use of the intelligence you're already using. We allow users to ingest any source of information (OSINT, paid feeds, sharing groups, ISACs/ISAOs, etc.), but if your team is burdened by manual ingestion and correlation, they likely aren’t using it at all, let alone in a timely manner. We pool all intelligence sources into a single view, correlated by common IOCs (indicators of compromise), so your analysts can sift through the noise in real time and spend their time analyzing instead of aggregating.
  3. Start the information-sharing process. TruSTAR was built from the ground up for sharing. We enable both internal sharing between teams and offices and external sharing with organizations such as regional or sector-specific partner groups. With our customizable and self-learning redaction features, you can efficiently remove any sensitive information from your data prior to sharing to ensure your legal team is on board.
  4. If possible, don't limit your sources of threat intelligence. Unlike simple bi-directional sharing solutions such as communities or trusted circles, TruSTAR enables complex organizations to engage with various partners and groups seamlessly within a single platform. This allows you to engage with as many sources of data as are relevant to your organization, and understand which of these sources are actually providing valuable enrichment versus just adding noise.
  5. Select a system that can participate with the U.S. government. Our founders have roots within government, so we understand how crucial it is to include government entities in the threat sharing process to chase down the bad guys. We also know not all organizations want to, or are able to, share with the government, so any user of our technology can optimize their workflows as needed for their constraints to enable or disable this.
  6. Small organizations: lean on your ISAC for help. By enabling such a range of data sources to enrich your analysis needs, we not only streamline processes for larger organizations, but also empower smaller organizations to take advantage of the communities of data seen by industry partners. A smaller team won’t have as much in-house knowledge or tools to take advantage of, so pulling info from outside can have a huge, immediate impact.