Threat-Intel Sharing Communities Spring Up to Aid Network Defenders
Security technology companies are offering an expanding menu of choices for corporate network defenders who want to keep up on the latest cyber-threats.Three years ago, companies that wanted to exchange information on the latest cyber-threats needed to belong to one of several exclusive clubs, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), Microsoft's Active Protections Program (MAPP) or the Anti-Virus Information Exchange Network (AVIEN). Since then, new information-sharing tools and networks have emerged to allow businesses to exchange attack information with other companies. In September 2013, for example, Hewlett-Packard launched a threat-intelligence sharing environment, dubbed Threat Central, which allows its customers to upload threat data and share it with other subscribers. Security and network-management provider AlienVault supports the Open Threat Exchange that allows anyone to upload threat data and post analyses. Security services firm Cyber Squared offers companies a similar environment known as Threat Connect. While each provider has a different goal for their platform, the offerings allow business customers to gain intelligence and share information on threats, usually in machine-readable format that speeds their response to attacks, Jerry Bryant, lead security strategist for the Microsoft Security Response Center (MSRC), told eWEEK. Defenders need to counter attackers' ability to quickly share information on network weaknesses, he said.
"I don't think that attackers are that much better at sharing information," Bryant said. "This is less about attackers sharing information amongst themselves, and more about countering their level of automation."