Threat intelligence sharing services have been around almost since the earliest days of malware, but lately they seem to be gaining traction among IT professionals. In mid 2015, we noted that Facebook had set up its own exchange to share threat information. Since then, nearly 500 organizations have joined the effort, and the social networking company has added enhancements such as a tagging schema and real-time notifications.

The Threat Intelligence Explosion

Facebook is a great example of how threat sharing programs have quickly expanded. IBM continues to enhance its own X-Force Exchange with new notification features and additional information. A “curated list of awesome threat intelligence resources” hosted on GitHub includes several dozen different exchanges, along with numerous standards for sharing specific details about malware and a variety of tools that leverage these exchanges, such as CollabNet, SpiceWorks, OpenPhish, Metadefender and Spamhaus, just to name a few.

This explosion can be attributed to the ineffectiveness of traditional pattern-matching solutions. Cybercriminals leverage tools to produce unique patterns for malware infections, and new strains are becoming adept at hiding in memory, making detection more difficult. This means that defenders have to become better organized.

Community Outreach

IT teams can become more effective with these exchange-based tools, but it will require some effort. First, management must buy into sharing efforts and understand their value. Without top-level support, the whole notion of sharing might become a political issue rather than a technical one.

The main lesson passed from Ken Weston, senior security analyst at Tripwire, to eSecurity Planet was that “before threat exchanges can be useful, you need a solid infrastructure that provides visibility into your network and log activity picked up by intrusion detection systems.” Without this level of visibility, exchanges are worthless since you won’t know whether a threat has already appeared across your network.

Next, you must decide which community you want to participate in. Not all communities support all log formats, and some are designed to work with a particular vendor’s intrusion detection systems. A few communities are also more open than others. Programs from IBM, Imperva, Microsoft and McAfee, for example, all require customers to register, while open source tools are more inclusive. You should pick the community that uses the same tools you already have in place to simplify information transfer.

Finally, you need to understand the standards employed by the particular reporting formats of your chosen community. Make sure your logs can be converted into the appropriate format without a lot of effort, otherwise you will have less incentive to share threat intelligence information.

Visit the IBM X-Force Exchange

More from Risk Management

Detecting Insider Threats: Leverage User Behavior Analytics

3 min read - Employees often play an unwitting role in many security incidents, from accidental data breaches to intentional malicious attacks. Unfortunately, most organizations don’t have the right protocols and processes to identify potential risks posed by their workforce. Based on a survey conducted by SANS Institute, 35% of respondents said they lack visibility into insider threats, while 30% said the inability to audit user access is a security blind spot in their organizations. In addition, the 2023 X-Force Threat Intelligence Index reported that…

3 min read

Increasingly Sophisticated Cyberattacks Target Healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

4 min read

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read