There is an old saying, which I have taken the liberty of tweaking, that timing is “E”verything in life. This week, thanks to the revelations about the successful hack of U.S. government employees’ confidential personal information at the Office of Personnel Management (OPM), to say that new threat intelligence insights and capabilities are timely might be one of the year’s great understatements.
I am referring to news that San Mateo, California-based threat intelligence provider Vorstack has simultaneously:
A new name and a new important game
A good place to start with all of the activities above is the context provided by a recent Enterprise Strategy Group (ESG) Threat Intelligence Survey, done for what is now BrightPoint Security. All of the findings are worth a look, but the headline here is that while 94 percent of respondents see the value of sharing threat intelligence, only 37 percent of respondents’ organizations regularly share internally driven threat intelligence with other organizations or industry Information Sharing and Analysis Centers (ISACs). The survey points to the lack of automation, configurable policy controls and standards as inhibiting widespread adoption.
“There is clearly an understood value in leveraging threat data, but organizations are finding it difficult to collect, analyze and pinpoint critical threats,” said Jon Oltsik, ESG senior principal analyst. “According to our research, automation is needed for organizations to wade through the mass of alerts they receive, and standards are needed for the secure sharing of threat intelligence.”
Additional key findings of the study include:
“The idea around sharing threat intelligence among organizations is rapidly gaining traction,” said Anne Bonaparte, CEO of Vorstack. “To achieve this, organizations need a holistic picture of internal and external threats for the enterprise, and the ability to share threat intelligence among organizations in a manner that is secure, anonymous, non-attributed and standards based. Our customers have found that sharing with ISACs and other trusted groups using our Vorstack™ Trusted Circles delivers immediate value and actionable results to remediate.”
As noted at the top, given all of the concerns being voiced about how slow OPM was to detect its latest data breach, and about why it does not seem to have learned from earlier exploits against it and others, it is hard to imagine how the sharing of threat intelligence could be anything but a top public and private sector concern, with more than a little sense of urgency attached.
This is where BrightPoint Security is touting its Sentinel platform: its ability to add context and relevance to security threats from a broader spectrum of outside organizations and partner ecosystems is pitched as a valuable tool for speeding the identification, remediation and prevention of attacks.
Sentinel’s enhancements include richer threat context for an organization’s Cyber Security Intelligence Operations Centers. This includes:
With its enhanced Trusted Circles, Sentinel extends controlled (that is, secured and policy-governed) sharing to partner ecosystems, including business partners, supply chain and portfolio partners, in addition to ISACs and similar threat intelligence resources. The value here is faster identification of threats, which in turn means faster response times.
“Intelligence and threat intel sharing is a critical success factor for our cyber security program, and BrightPoint facilitates a secure and simple method to accomplish this sharing,” said Reid Stephan, Director of IT Security at St. Luke’s Health System in Idaho. “BrightPoint was very agile in responding to our needs and requests. The granularity in regards to whom we can share information with and what we can share is foundational to our cyber-threat intelligence strategy.”
“BrightPoint essentially provides the benefit of two FTEs,” added Stephan. “Instead of having to invest resources in 24×7 monitoring of our SIEM events/incidents, we can replay that data against BrightPoint and distill literally millions of events down to a few items of interest that warrant follow-up.”
BrightPoint Security’s Bonaparte added: “The new value Sentinel’s launch brings in pinpointing the critical threats through enhanced context and relevance is significant for security teams. The feature of granular policy control to support a spectrum of business partners’ shared information, ranging from complete non-attribution through full disclosure, is critical for organizations to speed visibility into what is impacting their IT infrastructure, based on other companies that are part of their BrightPoint Trusted Circles.”
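To make the two ideas in the quotes above concrete (replaying SIEM events against shared intelligence to distill them down to a few items of interest, and a per-circle disclosure policy that runs from complete non-attribution to full disclosure), here is an added illustration written for this article; it is not BrightPoint’s or Vorstack’s code, and the organization names, circle key, indicators and events are all constructed:

```python
# Added example, not BrightPoint/Vorstack code: apply a Trusted-Circle style
# disclosure policy to an indicator before it is shared, then replay constructed
# SIEM events against the shared indicators so only matches remain.
from dataclasses import dataclass, replace
import hmac

NON_ATTRIBUTED, ANONYMIZED, FULL = "non-attributed", "anonymized", "full"
CIRCLE_KEY = b"constructed-demo-key"  # hypothetical per-circle secret, not a real value

@dataclass(frozen=True)
class Indicator:
    kind: str        # "ip", "domain" or "sha256"
    value: str       # the observable itself
    source_org: str  # contributing organization (hypothetical names below)
    context: str     # analyst context supplied by the contributor

def share(ind, policy):
    """Return the copy of ind that a circle member under policy is allowed to see."""
    if policy == FULL:
        return ind
    if policy == ANONYMIZED:
        # Keyed pseudonym: members can correlate reports from one contributor but
        # cannot recover its name by hashing a list of likely organizations.
        tag = hmac.new(CIRCLE_KEY, ind.source_org.encode(), "sha256").hexdigest()[:8]
        return replace(ind, source_org="org-" + tag)
    if policy == NON_ATTRIBUTED:
        return replace(ind, source_org="undisclosed")
    raise ValueError(f"unknown policy {policy!r}")

FIELDS = {"ip": "dst_ip", "domain": "dns_query", "sha256": "file_hash"}  # event field per kind

def replay(events, indicators):
    """Replay SIEM events against shared indicators; return (event id, indicator) per hit."""
    index = {(i.kind, i.value): i for i in indicators}
    hits = []
    for ev in events:
        for kind, field in FIELDS.items():
            ind = index.get((kind, ev.get(field)))
            if ind is not None:
                hits.append((ev["id"], ind))
    return hits

# Constructed sample data: two indicators shared under different policies, four events.
SHARED = [
    share(Indicator("ip", "198.51.100.23", "Hospital-A", "beacon to known C2"), ANONYMIZED),
    share(Indicator("domain", "phish.example", "Bank-B", "credential phishing page"), NON_ATTRIBUTED),
]
EVENTS = [{"id": 1, "dst_ip": "203.0.113.5"}, {"id": 2, "dst_ip": "198.51.100.23"},
          {"id": 3, "dns_query": "phish.example"}, {"id": 4, "file_hash": "0" * 64}]
```

Of the four events only two match, and the contributor of each hit is visible only to the degree its policy allows; a real deployment would key the pseudonym per circle and store indicators in a proper index rather than a dictionary.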
One thing heard throughout the IT security community these days is that “we are all in this together.” And while there is probably more than a little disingenuity in the current statements from Chinese government officials that they look forward to more collaboration with everyone to help deter cyber attacks, and in theory to share best practices as well, the point stands: real-time sharing of threat information is critical, along with sharing best practices for threat remediation and prevention, and currently there is not nearly enough of it going on.
The BrightPoint Security notion of “Trusted Circles” is more than directionally correct. Assuming the suspicion that any data interchange, especially a supposedly anonymous one, can be compromised can itself be mitigated, the 94 percent of survey respondents who saw the value of threat sharing can’t be wrong. Having a holistic view drawn from many data points may not be the magic deterrent and quick fix politicians are clamoring for, but knowledge is power. You can’t react to what you cannot see, and the wisdom of the crowd for remediating problems once they occur can surely help IT security professionals not just respond, but plan for how best to respond to similar threats going forward.
It should almost go without saying that this applies not just to external threats but insider ones as well.