CIOReview | January 2015

benefit from that exact type of information.

Cyber Security Intelligence--From a Trickle to a Flood

Information sharing works. Over the past few years it has become an invaluable part of cyber defenses in critical sectors and has helped prevent, minimize or mitigate the impact of attacks including Distributed Denial of Service (DDoS) attacks, targeted attacks, advanced persistent threats, nation state attacks, cyber criminal attacks, attacks against critical processes and many more.

At the same time that information sharing has become so important, the actual threat data available to analyze security threats has passed the tipping point. What used to be a small trickle is now a gushing torrent. Thousands of threat indicators flood in from many sources, some reliable, some not. According to some estimates, the average analyst can take up to seven hours to process a single piece of threat intelligence. No single organization can do it all. And no single vendor provides a comprehensive solution that addresses the entire threat intelligence lifecycle.

"Today's threat intelligence sharing must occur at network speeds. It needs to be available for all critical sectors

It's time to rethink this whole process. What if the same practices around threat intelligence sharing that have helped defend the financial critical infrastructure could be re-created at machine speed? And then applied to other critical sectors? What if many hours of analysis turn into mere seconds? Having proven, effective information sharing processes is the first part of forming a Community Defense. But once you have those processes established, automating them creates tremendous efficiencies.

The Automation of Threat Intelligence Sharing

Nearly two years ago, FS-ISAC realized that its membership would require threat intelligence to be automated. While several private sector solutions were being developed around threat intelligence, it would require a cross-organization, cross-vendor, even a cross-sector approach to establish the backbone for automated information sharing. FS-ISAC partnered with The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, to develop just such a solution. Called Soltra Edge, this security automation platform codifies the 'Circles of Trust' utilized in critical information sharing. It enables confident, straight-through processing of threat intelligence to help immediately reduce risks & threats as they unfold.

"Today, most cyber threat information is provided manually to users from various, unconnected industry sources. Because of this, on average, it can take firms seven hours to evaluate each threat," states Mark Clancy, CEO of Soltra, CISO of DTCC and Board Member of FS-ISAC. "With Soltra Edge, one organization's incident becomes everyone's defense. The solution will enable clients to send, receive, and store cyber security threat intelligence in a streamlined and automated format, enabling these firms to deploy safeguards against a potential cyber attack."

Soltra Edge takes threat intelligence in many formats and normalizes this data using open standards, including Structured Threat Information eXchange (STIX) and Trusted Automated eXchange of Indicator Information (TAXII), so that the intelligence can be easily processed and used. This platform is designed to support a Community Defense model in each sector, and also helps share information across sectors. It's designed for use by thousands of critical entities and is also designed to plug into dozens of cyber security software solutions from private sector vendors.

A Community Defense approach, supported by active information sharing and enhanced with automation, should be a key piece of today's cyber strategy for many organizations. Proven models are out there. Best practices are in use and effective. Automation is available. Many organizations can benefit from this approach and experience the ISAC motto: "One organization's incident becomes everyone's defense."

William B. Nelson