Optimize Sharing Group Intelligence Into Your Security Operations


Participating in information sharing groups like ISACs and ISAOs is one of the smartest things your security team can do. They help trusted peers collect and disseminate data that has a higher likelihood of being relevant to your threat investigations.

Most SOC managers or security analysts you talk to today won’t deny the value ISAC/ISAO data could bring to a security operations team… but easily ingesting this data into your existing workflow? That’s a whole different story.

Last week TruSTAR spoke with Retail-CISC members about how to optimize sharing group IOCs into your workflow. Here are the key takeaways.

  • Correlate your ISAC/ISAO reports with open and closed source feeds. The indicators with the most correlations tell you what to prioritize first in your investigation.
  • Don't underestimate your historical data. When investigating certain indicators like CVEs and malware strains, seek out correlations with past ISAC/ISAO reports.
  • Automate smartly. Tools like TruSTAR can help you auto-extract indicators from listservs and automate your SIEM workflow, saving your analysts' precious investigation time.
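
The takeaways above can be sketched in a few lines of Python. This is an added example, not TruSTAR's code or API: it extracts defanged indicators from a listserv-style message, then ranks them by how many other sources (feeds and a past report) also contain them. All names and sample data are constructed for illustration.

```python
import re

# Indicator patterns applied to lower-cased, re-fanged text.
PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b"),
    "cve": re.compile(r"\bcve-\d{4}-\d{4,}\b"),
    "domain": re.compile(r"(?<=://)[a-z0-9.-]+\.[a-z]{2,}"),  # URL hosts only
}

def extract_indicators(text):
    """Return a set of (kind, value) pairs; handles [.] and hxxp defanging."""
    text = text.lower().replace("[.]", ".").replace("hxxp", "http")
    return {(kind, m) for kind, rx in PATTERNS.items() for m in rx.findall(text)}

def correlate(report, sources):
    """Rank a report's indicators by how many other sources also contain them."""
    seen_in = {name: extract_indicators(body) for name, body in sources.items()}
    rows = []
    for ind in extract_indicators(report):
        matches = sorted(n for n, inds in seen_in.items() if ind in inds)
        rows.append((ind[0], ind[1], matches))
    # Most-corroborated first; ties broken by kind and value for stable output.
    return sorted(rows, key=lambda r: (-len(r[2]), r[0], r[1]))

# --- Constructed sample data (not real intelligence) ---
SAMPLE_HASH = "ab" * 32
ISAC_EMAIL = f"""Subject: [TLP:AMBER] POS malware activity
Beaconing to 203.0.113[.]45 and hxxp://pay-update[.]example/gate.php
Dropper SHA-256: {SAMPLE_HASH.upper()}
Initial access via CVE-2099-0001. Also seen: 198.51.100.7
"""
SOURCES = {
    "open_feed": "203.0.113.45\nhttp://pay-update.example/login\n192.0.2.10",
    "closed_feed": f"203.0.113[.]45 {SAMPLE_HASH}",
    "isac_report_last_year": "Scanning from 203.0.113.45 for CVE-2099-0001",
}

if __name__ == "__main__":
    for kind, value, matches in correlate(ISAC_EMAIL, SOURCES):
        print(f"{len(matches)}  {kind:7} {value}  {matches}")
```

An indicator seen only in the new report sorts last; the one corroborated by both feeds and the historical report sorts first.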

If you’re an R-CISC member, you can view a recording of our webinar here.

Interested in learning more about TruSTAR’s partnerships with ISACs/ISAOs? Click Here.
