Red Sky Alliance

The Internet continues to expand and connect more devices every minute.  The number of connected devices is now over 10 billion, so the need for effective cyber threat intelligence sharing has never been greater.  Cyber-attacks have increased in frequency and sophistication, presenting significant challenges for organizations that must defend their data and systems from capable threat actors.  Cyber threat information is any information that can help an organization identify, assess, monitor, and respond to cyber threats.

Red Sky Alliance Corporation was founded in 2011 as a private membership organization for companies to share actionable cyber threat intelligence in a secure portal without government oversight or participation.  This allowed members to hold frank conversations with analysts from Red Sky Alliance and other organizations without fear of being reported to a government agency.  The name, Red Sky Alliance, was used because the company and the membership were an “Alliance” against cyber threats.  Over the past 11 years, the company has evolved to become a global provider of cyber threat intelligence and services.[1]

Cyber threat actors range from individual, autonomous attackers to well-resourced groups operating in a coordinated manner as part of a criminal enterprise or on behalf of a nation-state.  Threat actors can be persistent, motivated, and agile, using various tactics, techniques, and procedures (TTPs) to compromise systems, disrupt services, commit financial fraud, and expose or steal intellectual property and other sensitive information.  Given the risks these threats present, it is increasingly important that organizations share cyber threat information and use it to improve their security posture.

By exchanging cyber threat information within a sharing community, organizations can leverage their collective knowledge, experience, and capabilities to understand the threats the organization may face.  Using this knowledge, an organization can make threat-informed decisions regarding defensive capabilities, threat detection techniques, and mitigation strategies.  By correlating and analyzing cyber threat information from multiple sources, an organization can enrich existing information and make it more actionable.

This enrichment may be achieved by independently confirming the observations of other community members and by improving the overall quality of the threat information by reducing ambiguity and errors.  Organizations that receive threat information and subsequently use this information to remediate a threat confer a degree of protection to other organizations by impeding the threat’s ability to spread.  Additionally, sharing cyber threat information allows organizations to better detect campaigns targeting industry sectors, business entities, or institutions.

In our interconnected world, a threat to one organization can quickly become a threat to many others, making it essential for businesses and other organizations to share information and work together to stay safe online.

Cyber threat information includes indicators of compromise; tactics, techniques, and procedures used by threat actors; suggested actions to detect, contain, or prevent attacks; and the findings from the analyses of incidents.  Organizations that share cyber threat information can improve their security postures and those of other organizations.  Such sharing is important; it encourages more connection and collaboration between entities (internally and externally), helping organizations to prevent cyberattacks.  If a threat actor possesses the means and motivation, a cyber threat to one organization logically may be considered a threat to another.

Cyber Threat Intelligence (CTI) sharing promises to be a new method to create situational awareness among sharing stakeholders.  Moreover, it is seen as a necessity to survive current and future attacks by working proactively instead of only reactively.  It may become obligatory for organizations to have a threat intelligence program to be part of proactive cyber security and share their information.  The core idea behind threat intelligence sharing is to create stakeholders' awareness by sharing information about the newest threats and vulnerabilities and swiftly implementing the remedies.

Targeted cyber threat intelligence concerns threats made against a particular domain, meaning that these threats have been individualized for a particular attack.  It has been observed that these same attacks can be used against the same industry segment, making sharing even more important to market segments.  The industry ISACs have made this their business to help protect their members, following the Red Sky Alliance value proposition from 2011.

One of the key benefits of cyber threat intelligence sharing is the ability to stay ahead of potential threats, and CTI can aid stakeholders in making tactical decisions.  We can take proactive measures to protect ourselves and our systems by sharing information about known vulnerabilities and attacks.  This can help prevent costly downtime and damage to our company's reputation.  Another important aspect is the ability to respond quickly to emerging threats.  We can deploy counter-measures to protect ourselves and our systems in minutes by sharing information about ongoing attacks.  This can help minimize the impact of an attack and prevent further damage.

Cyber threat information sharing is the exchange of knowledge about threats, incidents, vulnerabilities, mitigations, leading practices, or tools relevant to a technology-based/technology-leveraged risk set.  Threat intelligence is evidence-based knowledge, including contexts, mechanisms, indicators, implications, and actionable advice, about existing cyberattacks or emerging cyber threats that can be used to understand the threats that have targeted, will target, or are currently targeting an organization.  The primary purpose of threat intelligence is to help organizations perceive the risks of the most common and severe external threats, like zero-day threats, advanced persistent threats, and exploits, thus allowing them to make informed decisions regarding the response to those threats.

Going beyond IP addresses, hashes, and other threat data, threat intelligence provides the critical context around a threat activity, including Indicators of Compromise (IoC), Indicators of Attack (IoA), the tactics employed, and, potentially, the motivation and identity of the adversary.

Threat intelligence can help analyze risks, allocate resources, and understand threats relevant to one’s organization, industry, and geography.

While the scope of cyber threat intelligence information sharing is broad, an agreed-upon set of principles and guidelines exists.  Professionals have tested these guidelines for several years.  Adhering to them will assist stakeholders in creating, participating in, and deriving value from cyber threat intelligence sharing arrangements.

What cyber threats are directed at your organization before they breach your network?  Please visit https://redskyalliance.com, and our analysts will show you how we can monitor cyber threats against any domain in the world without requiring a network connection or any hardware or software to be installed.  Once you know, you can share these cyber threats with your own sharing community.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

 

[1] https://www.cybersecurityintelligence.com/blog/sharing-threat-intelligence--6912.html
