What is the best way for enterprise security teams to share threat information? How does automation come into play? And how do companies go about joining a sharing group?
This week, TruSTAR's co-founder and CEO Paul Kurtz sat down with former AT&T CISO and current CEO of TAG Cyber Edward Amoroso to talk about the current state of threat intelligence exchange in the enterprise.
Excerpt from their Q&A below. To read the full interview, click here.
EA: Paul, what is the best way for enterprise security teams to share threat information?
PK: While most organizations want to share, they are not ready to do so. They tend to struggle with wrangling threat landscapes within their own organizations, which makes it difficult to decide what and how to share. Luckily, through trial and error, we’ve identified three requirements that will help companies share threat intelligence information in an exchange effectively: First, they must learn to seamlessly correlate events that occur inside their organization to reconcile current and past events into meaningful intelligence. Second, they must take time to operationalize any threat data that might already be coming in from outside parties, such as ISACs or proprietary threat feeds. And third, they must identify and highlight their return-on-investment for sharing. This will include the cyber risk reduction that come from receiving early indicators of attack from a trusted threat intelligence exchange.
Check out Paul and Ed's conversation from the Garner Security Summit 2017.