Optimize Sharing Group Intelligence Into Your Security Operations


Participating in information sharing groups like ISACs and ISAOs is one of the smartest things your security team can do. They help trusted peers collect and disseminate data that has a higher likelihood of being relevant to your threat investigations.

Most SOC managers or security analysts you talk to today won’t deny the value ISAC/ISAO data could bring to a security operations team… but easily ingesting this data into your existing workflow? That’s a whole different story.

Last week TruSTAR spoke with Retail-CISC members about how to bring sharing group IOCs into your workflow. Here are the key takeaways.

  • Correlate your ISAC/ISAO reports with open and closed source feeds. The indicators with the highest correlations tell you what to prioritize first in your investigation.
  • Don't underestimate your historical data. When investigating certain indicators like CVEs and malware strains, seek out correlations with past ISAC/ISAO reports.
  • Automate smartly. Tools like TruSTAR can help you auto-extract indicators from listservs and automate your SIEM workflow, saving your analysts' precious investigation time.
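The three takeaways above can be sketched in a few lines of Python. This is an added example, not TruSTAR's code or API: it extracts defanged indicators from a listserv message and ranks them by how many sources (feeds and past sharing-group reports) also list them. The email text, feed names and every indicator value are constructed for illustration.

```python
import re

# Constructed sample inputs (not real indicators): documentation IP ranges,
# .example domains and a placeholder CVE id.
LISTSERV_EMAIL = """Subject: [sharing-group] phishing wave
Members report callbacks to 203.0.113[.]7 and hxxp://login.portal[.]example/a.
Second stage from 198.51.100[.]22, exploiting CVE-2099-00001.
"""
FEEDS = {  # hypothetical source name -> indicators it reported (lower-cased)
    "open_feed": {"203.0.113.7", "login.portal.example"},
    "closed_feed": {"203.0.113.7", "cve-2099-00001"},
    "past_group_reports": {"203.0.113.7", "login.portal.example", "192.0.2.9"},
}

PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
}

def refang(text):
    """Undo common defanging so the patterns match ([.] -> ., hxxp -> http)."""
    text = re.sub(r"\[\.\]|\(\.\)", ".", text)
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)

def extract_indicators(text):
    """Return {indicator: type}, lower-cased and de-duplicated."""
    found = {}
    clean = refang(text)
    for kind, pattern in PATTERNS.items():
        for match in pattern.findall(clean):
            found.setdefault(match.lower(), kind)
    return found

def prioritize(indicators, feeds):
    """Rank indicators by how many independent sources also report them."""
    ranked = []
    for value, kind in indicators.items():
        sources = sorted(name for name, seen in feeds.items() if value in seen)
        ranked.append((len(sources), value, kind, sources))
    # Highest correlation first; ties broken by value for stable output.
    return sorted(ranked, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for count, value, kind, sources in prioritize(extract_indicators(LISTSERV_EMAIL), FEEDS):
        print(f"{count} {kind:6} {value:22} {', '.join(sources) or '-'}")
```

An indicator that no other source has seen is still listed, with a count of zero, so new sightings are queued last rather than dropped.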

If you’re an R-CISC member, you can view a recording of our webinar here.

Interested in learning more about TruSTAR’s partnerships with ISACs/ISAOs? Click Here.
