Optimize Sharing Group Intelligence Into Your Security Operations


Participating in information sharing groups like ISACs and ISAOs is one of the smartest things your security team can do. They help trusted peers collect and disseminate data that has a higher likelihood of being relevant to your threat investigations.

Most SOC managers or security analysts you talk to today won’t deny the value ISAC/ISAO data could bring to a security operations team… but easily ingesting this data into your existing workflow? That’s a whole different story.

Last week, TruSTAR spoke with Retail-CISC members about how to work sharing group IOCs into your workflow. Here are the key takeaways.

  • Correlate your ISAC/ISAO reports with open and closed source feeds. The indicators with the highest correlations tell you what to prioritize first in your investigation.
  • Don't underestimate your historical data. When investigating certain indicators like CVEs and malware strains, seek out correlations with past ISAC/ISAO reports.
  • Automate smartly. Tools like TruSTAR can help you auto-extract indicators from listservs and automate your SIEM workflow, saving your analysts' precious investigation time.
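
The correlation described in the takeaways above, as an added example (not TruSTAR's code or API): indicators are extracted from a defanged sharing-group report and ranked by how many other sources, including a past report, also contain them. The source names, sample text, documentation-range IPs and the placeholder CVE id are all constructed for illustration.

```python
import re
from collections import defaultdict

# A few indicator types commonly found in sharing-group mail (not exhaustive).
PATTERNS = {
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|info|biz)\b", re.I),
}

def refang(text):
    """Undo common defanging ([.], (.), [dot], hxxp) so values compare equal across sources."""
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I).replace("hxxp", "http")

def extract(text):
    """Return the set of (type, normalized value) indicators found in free text."""
    clean = refang(text)
    found = set()
    for kind, rx in PATTERNS.items():
        for value in rx.findall(clean):
            found.add((kind, value.upper() if kind == "cve" else value.lower()))
    return found

def prioritize(new_report, sources):
    """Rank the report's indicators by the number of other sources that also list them."""
    wanted = extract(new_report)
    hits = defaultdict(list)
    for name, text in sources.items():
        for ioc in wanted & extract(text):
            hits[ioc].append(name)
    ranked = sorted(wanted, key=lambda ioc: (-len(hits[ioc]), ioc))
    return [(ioc, sorted(hits[ioc])) for ioc in ranked]

# Constructed sample data: a new listserv report plus open, closed and historical sources.
ISAC_REPORT = """Members report phishing leading to 203[.]0[.]113[.]7 and
bad-updates[.]example[.]com; payload exploits CVE-2099-00001. Also seen: 198[.]51[.]100[.]23"""
SOURCES = {
    "open_feed": "203.0.113.7\nbad-updates.example.com\n",
    "closed_feed": "c2 at 203.0.113.7 port 443",
    "isac_report_2016": "Older campaign abused cve-2099-00001 via 203.0.113.7",
}

if __name__ == "__main__":
    for (kind, value), seen_in in prioritize(ISAC_REPORT, SOURCES):
        print(f"{len(seen_in)} sources  {kind:7} {value}  {seen_in}")
```

Indicators that no other source corroborates sort last rather than being dropped, so an analyst still sees them.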

If you’re an R-CISC member, you can view a recording of our webinar here.

Interested in learning more about TruSTAR’s partnerships with ISACs/ISAOs? Click Here.
