Participating in information sharing groups like ISACs and ISAOs is one of the smartest things your security team can do. They help trusted peers collect and disseminate data that has a higher likelihood of being relevant to your threat investigations.
Most SOC managers or security analysts you talk to today won’t deny the value ISAC/ISAO data could bring to a security operations team… but easily ingesting this data into your existing workflow? That’s a whole different story.
Last week TruSTAR spoke with Retail-CISC members about how to get sharing-group IOCs into your workflow efficiently. Here are the key takeaways.
- Correlate your ISAC/ISAO reports with open and closed source feeds. Indicators that are corroborated by the most sources are the ones to prioritize in your investigation.
- Don't underestimate your historical data. When investigating indicators such as CVEs and malware strains, seek out correlations with past ISAC/ISAO reports as well as with live feeds.
- Automate smartly. Tools like TruSTAR can auto-extract indicators from listserv messages and feed them into your SIEM workflow, saving your analysts' investigation time.
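The three takeaways above describe one pipeline: pull indicators out of a sharing-group message, count how many other sources (open feeds, closed feeds, and your own archive of past reports) also carry each one, and hand the ranked result to the SIEM. The following script is an added example of that pipeline and is not TruSTAR's code or any product's API. The listserv message, the feed names and their contents are all constructed for illustration; the corroboration count it produces is a triage ordering, not proof that an indicator is malicious.

```python
"""Extract IOCs from a sharing-group message, correlate them across feeds,
and rank them for triage.  Added example; all sample data below is constructed."""
import re
from collections import defaultdict

# Constructed sample: body of a hypothetical sharing-group listserv message.
# The domain is defanged ("[.]"), as list posts commonly are; the extractor refangs it.
LISTSERV_MESSAGE = """\
Subject: [R-CISC] Credential-phishing campaign targeting retail SSO portals
Observed C2 at 203.0.113.45 and 198.51.100.7. Landing page hosted on
login-portal-update[.]example. Dropper SHA-256:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Constructed sample feeds (hypothetical names), grouped by provenance.
# In practice these sets would be loaded from your feed integrations and from
# your archive of past ISAC/ISAO reports.
FEED_GROUPS = {
    "open": {
        "osint-blocklist": {"203.0.113.45", "malware-host.example"},
        "abuse-tracker": {"203.0.113.45", "login-portal-update.example"},
    },
    "closed": {
        "vendor-premium": {"198.51.100.7", "203.0.113.45"},
    },
    "historical": {
        "R-CISC-2019-03-archive": {
            "198.51.100.7",
            "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        },
    },
}

IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE),
    # Accepts both plain "." and defanged "[.]" label separators.
    "domain": re.compile(r"\b(?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,}\b", re.IGNORECASE),
}


def extract_iocs(text):
    """Return {indicator: type} for every IOC in the text, refanged and lowercased."""
    found = {}
    for ioc_type, pattern in IOC_PATTERNS.items():
        for match in pattern.findall(text):
            found[match.replace("[.]", ".").lower()] = ioc_type
    return found


def correlate(indicators, feed_groups=FEED_GROUPS):
    """Map each indicator to the list of 'group:feed' sources that also carry it."""
    hits = defaultdict(list)
    for group, feeds in feed_groups.items():
        for feed_name, members in feeds.items():
            for ioc in indicators:
                if ioc in members:
                    hits[ioc].append(f"{group}:{feed_name}")
    return hits


def prioritize(text, feed_groups=FEED_GROUPS):
    """Extract IOCs from a report and rank them by how many sources corroborate each.

    Returns a list of (indicator, type, corroboration_count, sources), most
    corroborated first; ties are broken alphabetically so the order is stable."""
    iocs = extract_iocs(text)
    hits = correlate(iocs, feed_groups)
    ranked = [(ioc, iocs[ioc], len(hits[ioc]), sorted(hits[ioc])) for ioc in iocs]
    ranked.sort(key=lambda row: (-row[2], row[0]))
    return ranked


def to_siem_watchlist(ranked):
    """Render the ranking as CSV lines for a SIEM lookup-table or watchlist import."""
    lines = ["indicator,type,corroboration,sources"]
    for ioc, ioc_type, count, sources in ranked:
        lines.append(f"{ioc},{ioc_type},{count},{'|'.join(sources)}")
    return lines


if __name__ == "__main__":
    for line in to_siem_watchlist(prioritize(LISTSERV_MESSAGE)):
        print(line)
```

Run against the constructed message, the C2 address seen by three sources sorts first, the second address (one vendor feed plus a past R-CISC report) second, and the two indicators known only to a single source come last. The historical archive is treated as just another feed group, which is what "don't underestimate your historical data" amounts to in practice: the archive is queried on every new report rather than only when someone remembers to look.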
If you’re an R-CISC member, you can view a recording of our webinar here.
Interested in learning more about TruSTAR’s partnerships with ISACs/ISAOs? Click Here.