
Optimize Sharing Group Intelligence Into Your Security Operations


Participating in information sharing groups like ISACs and ISAOs is one of the smartest things your security team can do. They help trusted peers collect and disseminate data that has a higher likelihood of being relevant to your threat investigations.

Most SOC managers or security analysts you talk to today won’t deny the value ISAC/ISAO data could bring to a security operations team… but easily ingesting this data into your existing workflow? That’s a whole different story.

Last week TruSTAR spoke with Retail-CISC members about how to work sharing group IOCs into your workflow. Here are the key takeaways.

  • Correlate your ISAC/ISAO reports with open and closed source feeds. The indicators with the most correlations tell you what to prioritize first in your investigation.
  • Don't underestimate your historical data. When investigating certain indicators like CVEs and malware strains, seek out correlations with past ISAC/ISAO reports.
  • Automate smartly. Tools like TruSTAR can help you auto-extract indicators from listservs and automate your SIEM workflow, saving your analysts' precious investigation time.
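
A short added sketch of the three takeaways above (example code, not TruSTAR's and not from the webinar): it extracts indicators from a listserv-style report, undoes common defanging, and ranks each indicator by how many feeds and past reports also contain it. The report text, feed names and indicator values are all constructed for the example, and the CVE id is a placeholder.

```python
import re

# Narrow patterns for the example; the TLD list only covers the sample data.
PATTERNS = {
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|example|test)\b", re.I),
}

# Constructed sample data: documentation IP ranges, reserved TLD, placeholder CVE.
REPORT = """Subject: [constructed sample] Phishing against loyalty portals
Members report logins from 203.0.113[.]7 and 198.51.100[.]23.
Lure page: hxxp://bad-login[.]example/reset, exploiting CVE-0000-00001.
"""
SOURCES = {
    "open_feed": "203.0.113.7,bad-login.example",
    "closed_feed": "203.0.113.7",
    "isac_report_2017": "Older campaign also used CVE-0000-00001 and 203.0.113.7",
}

def refang(text):
    """Undo the defanging commonly applied in sharing-group e-mails."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return re.sub(r"hxxp", "http", text, flags=re.I)

def extract(text):
    """Return the set of (type, value) indicators found in free text."""
    text = refang(text)
    found = set()
    for kind, rx in PATTERNS.items():
        for value in rx.findall(text):
            found.add((kind, value.upper() if kind == "cve" else value.lower()))
    return found

def prioritize(report, sources):
    """Rank a report's indicators by the number of other sources containing them."""
    indexed = {name: extract(body) for name, body in sources.items()}
    ranked = [(ind, sorted(n for n, inds in indexed.items() if ind in inds))
              for ind in extract(report)]
    return sorted(ranked, key=lambda r: (-len(r[1]), r[0]))

if __name__ == "__main__":
    for (kind, value), seen_in in prioritize(REPORT, SOURCES):
        print(f"{len(seen_in)} hit(s)  {kind:7} {value}  {seen_in}")
```

Indicators with zero hits stay in the output at the bottom of the ranking, so nothing from the report is silently dropped.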

If you’re an R-CISC member, you can view a recording of our webinar here.

Interested in learning more about TruSTAR’s partnerships with ISACs/ISAOs? Click Here.
