The Power of Community Defense: Using a Combination of Threat Intelligence, Information Sharing and Open Standards

April 1, 2015
| |
2 min read

As seen in the media on a regular basis, organizations are being breached in a variety of ways, and the sophistication of attacks ranges from basic to truly mind-bending. The simplest of these breaches are executed using methods organizations have known how to protect against for years, yet they still fail to deploy the proper countermeasures. With these much more intricate attacks, companies still would have been at risk, even with the best prevention methods in place.

However, by banding together and implementing a community defense to share information, organizations can achieve a number of important goals, such as detecting attacks at an early stage with a security information and event management (SIEM) solution, helping to reduce catastrophic events, providing insight on security risks and alerting others about which threats to secure against.

According to the latest IBM X-Force security research, vulnerability disclosures rocketed to a record high in 2014, and designer vulnerabilities such as Heartbleed and Shellshock revealed cracks in the foundation of underlying libraries on nearly every common Web platform.

Learning where your organization stands on the community defense curve and figuring out how to best leverage information sharing for your business needs should be a top security priority. The following are a few things to consider:

  • How information can be properly shared;
  • Current information sharing models that are available;
  • How information should be shared across sectors;
  • Minimizing privacy concerns while maximizing benefit;
  • Getting large-scale participation.

The next few years should be very interesting as defenders join forces to share security knowledge for the safety of their organization, customers and peers. What will the future hold for those who actively engage in information sharing and community defense?

Community defense best practices and strategies will be discussed in detail during a two-hour, information-packed session sponsored by the Financial Services Information Sharing and Analysis Center and Soltra at RSA 2015. Security community panelists and peers will address how to practice information sharing across industries and geographies, how to make threat intelligence actionable, the economics involved and how open standards such as the Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII) will be used.

Sandy Bird
IBM Fellow, CTO for IBM Security

Sandy Bird was the co-founder and CTO of Q1 Labs, now part of IBM. Today, he's the CTO for IBM Security and is responsible for the company's strategic techno...
read more