Abstract

Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats.

Highlights

  • Information has undoubtedly become one of the most valuable assets for organisations, whose dependence on it is constantly rising

  • Prior to becoming a valuable asset for the organisation, cyber threat information has to be properly collected from various sources, correlated, analysed and evaluated to add significant value to the raw and/or unevaluated data, producing the so-called “Cyber Threat Intelligence”

  • Legal constraints may prohibit or restrict the uncontrolled sharing of CTII. Examples of the latter are any personally identifiable information (PII) that may be part of the shared sightings, such as usernames of entities that have been identified as sources of malicious activity and restrictions that stem from the corresponding telecommunications privacy legal framework

Summary

Introduction

Information has undoubtedly become one of the most valuable assets for organisations, whose dependence on it is constantly rising. 79% of Chief Information Security Officers in the Banking sector believe that cybercriminals have become more sophisticated [2]. In this constant battle, organisations have to retain visibility of emerging and evolving threats and defend themselves against a wide range of adversaries with various levels of motivation, capabilities and access to resources. The number of CTI sources is increasing, as is the number of cyber threat intelligence platforms capable of consuming information from threat intelligence feeds, analysing, evaluating and classifying it prior to sharing threat information with the community. Organisations have the ability to participate in such threat-sharing communities or intelligence groups, and analyse and evaluate CTII via their security operations team. One of the most challenging issues in this process is achieving consensus regarding how this information should be shared among interested parties and the threat intelligence community.

Background
Interoperable CTII Sharing
Legal Interoperability
Policies and Procedures for Interoperability
Semantic and Syntactic Interoperability
Technical Interoperability
The CTII Landscape
Conclusions