Today’s White House Summit on Cybersecurity is the climax of a momentous eight-day span during which we witnessed the largest ever cyber attack on a healthcare company and the creation of a new government agency.
The formation of the Cyber Threat Intelligence Integration Center (CTIIC) certainly legitimizes the urgent need to create modern, more agile intelligence-sharing solutions and best practices to combat cybercrime. More importantly, CTIIC’s creation is an important step forward in promoting collaboration among Federal agencies that have disparate cyber missions and capabilities; in producing more comprehensive finished intelligence; and in enabling the real-time dissemination of actionable indicators of compromise (IOCs) as a key defense against today’s threats.
Chief executives of Apple, American Express, Visa and the like gathered for the White House Summit to discuss information sharing. We heard Kenneth Chenault, Chairman and CEO of American Express, describe information sharing as the most cost-effective measure with the greatest impact on reducing cyberthreats. This sentiment was echoed by Bernard Tyson of Kaiser Permanente and was ultimately named by the President, in his address, a guiding principle for meeting the challenge of our digital age.
Information sharing should be on the minds of all CIOs, CISOs and security professionals: what does it mean for those of us who face a constant yet ever-changing threat matrix each and every day? And, more importantly, what can we do about it?
Information sharing among security professionals is traditionally informal and anecdotal at best. Peers reach out or meet in person for advice on a quarterly, monthly or ad hoc basis and trade information on notable incidents and perceived threats. Unfortunately, this approach is no longer viable, and “information sharing” must be redefined.
Modernized information sharing can be broken into three ongoing actions:
Although a defense-in-depth strategy should include antivirus technologies, we must abandon the overemphasis on precise threat signatures and network indicators to detect intrusions given that these signatures are days or, worse yet, weeks or months old. Also, malware can be changed ever so slightly and quite easily to conduct follow-up attacks that will bypass traditional antivirus signatures.
Therefore, an enterprise’s best defense lies in building a strong offense that utilizes threat intelligence about attack methodologies, behaviors and actual IOCs to hunt and remediate threats on endpoints in real time.
Your threat intelligence is exponentially stronger when you’re receiving data and insights from multiple sources. An easy first step is to subscribe to numerous IOC sources, such as VirusTotal, IOC Bucket and iSIGHT Partners. Follow up with some simple outreach to valuable data partners:
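To make the point above concrete (stale hash signatures versus behavioral indicators, and indicators merged from several feeds), here is a small added example that is not part of the original post: a constructed stand-in for a malicious file, a copy of it altered by a single byte, and a matcher that runs indicators of three kinds against constructed endpoint telemetry. The feed names, the domain and the behavior labels are all placeholders.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Indicator:
    kind: str      # "sha256", "domain" or "behavior"
    value: str
    source: str    # feed or partner the indicator came from (placeholder names)

# Constructed stand-in for a malicious file and a trivially modified copy of it.
ORIGINAL_SAMPLE = b"MZ\x90\x00constructed-dropper:connect c2.example.invalid"
PATCHED_SAMPLE = ORIGINAL_SAMPLE + b"\x00"   # one appended byte: hash signature breaks

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed indicators as if merged from several feeds (hypothetical feed names).
FEED_INDICATORS = [
    Indicator("sha256", sha256_hex(ORIGINAL_SAMPLE), "feed-A"),
    Indicator("domain", "c2.example.invalid", "feed-B"),
    Indicator("behavior", "persistence:run_key", "feed-C"),
]

def endpoint_event(sample: bytes) -> dict:
    """Constructed endpoint telemetry for one execution of `sample`: the hash of
    what ran, the domains it resolved and the behaviors that were observed."""
    return {
        "sha256": sha256_hex(sample),
        "domains": {"c2.example.invalid"},
        "behaviors": {"persistence:run_key", "process:inject"},
    }

def match_indicators(event: dict, indicators: list) -> dict:
    """Return {indicator kind: [sources]} for every indicator matching the event."""
    hits: dict = {}
    for ioc in indicators:
        matched = (
            (ioc.kind == "sha256" and ioc.value == event["sha256"])
            or (ioc.kind == "domain" and ioc.value in event["domains"])
            or (ioc.kind == "behavior" and ioc.value in event["behaviors"])
        )
        if matched:
            hits.setdefault(ioc.kind, []).append(ioc.source)
    return hits

if __name__ == "__main__":
    # Unmodified sample: hash, domain and behavior indicators all fire.
    print(match_indicators(endpoint_event(ORIGINAL_SAMPLE), FEED_INDICATORS))
    # One-byte variant: the hash indicator is silent; domain and behavior still fire.
    print(match_indicators(endpoint_event(PATCHED_SAMPLE), FEED_INDICATORS))
```

The second run is the case the text warns about: a file-hash IOC misses the slightly altered sample, while the network and behavioral indicators from the other feeds still catch it.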