抵御网络安全威胁建立企业竞争优势

1、抵御网络安全威胁建立企业竞争优势HOW THREAT SHARING HONES YOURCOMPETITIVE EDGEIts for the greater goodThe bad guys do it all the time, so the good guys should tooIts the right thing to doArguments for threat intelligence sharing rely on altruistic reasons.2TY P I C A LA R G U M E N T SF O RW H YC Y B E RC O M P A N

2、I E S SH O UL DSH A R ET H R E A TI N T EL L I G EN C E THREAT SHARING IS EASY TO TALK ABOUT, BUT HARD TO DO IN PRACTICE3Even harder to do consistently at high quality and large scaleReally, really hard in the face of competitive pressuresWH A TO F T E NH A P P E NSA SAR E S U L T :CTAs sharing acti

3、vities around WannaCry made the entire industry better off, but also directly helped our membersITM A K E SY O UW A N N A CR Y .4IMPEDIMENTS: WHAT MAKES SHARING HARD AND HOW TO OVERCOME THESE BARRIERSTechnicalData volume, speed, and diversity pose problemsFive factors inhibit threat sharing:Legal Pa

4、rameters for acceptablesharing can be unclearCultural Sharing undercuts mybusiness modelEconomicHard to measure the ROI for sharingConceptualThreat sharing means different things to different peopleWH A TM A K E ST H R E A TS H A R I NGS OH A R D ?6Technical Technical standards exist Big data analyt

5、ics commonWays to move past the inhibitions:LegalUS & EU have legal frameworks Sharing organizations existCulturalIts not what you know, but what you do with what you knowEconomicCase studies show the benefits of sharingConceptualDifferent organizations share different informationWA Y ST OO V E R C

6、O M ET H E S EB A R R I E R S7We have the tools to overcome the impediments but sharing remains ad hoc. Many do not engage it.Organizations must want to share for it to occur.If companies will not share based on altruism, what reason will motivate threat sharing?SOW H A T ?8BEYOND ALTRUISM: THREAT S

7、HARING MAKES A SECURITYPROVIDER MORE COMPETITIVEEvery organization can learn something from sharing.Sharing forces you to defend your conclusions.It builds the connections needed to deal with crises.Regular sharing generates connections and ideasNo single company sees all malicious activityExchangin

8、g business cards in a crisis is a bad ideaHO WD O EST HR E A TS HA R I N GEN HA N C EY O U R CO M P E T I T I V EE D G E ?10Increased security comes from taking actionCybersecurity is not just a technical problemEnd-users are demanding a team approachNo organization has expertise in all the facets o

9、f cybersecurity.Its not what you know, but what you do with what you know.Comparative advantage should drive what organizations do.HO WD O EST HR E A TS HA R I N GEN HA N C EY O U R CO M P E T I T I V EE D G E ?11PRACTICING THE ART AND SCIENCE OF SHARING: HOW TO GET BETTER AT ITEffective threat shar

10、ing requires answering three questions:Who is sharing?What information are they sharing?What purpose are they sharing it for?The answers to these questions enable you to derive and identify the value you receive from sharing by:Focusing on relevant informationAligning sharing goals with business nee

11、dsTracking useful metrics to improve performance over time13HO N I N GY O U RT HR E A TS HA R I N GS K I L L SEight types of relevant information:Technical dataContextAttributionSituational AwarenessStrategic warningTactical warningBest practicesDefensive measures and mitigations14Five types of orga

12、nizations:Cybersecurity providers, platform providers, ISPsInformation sharing organizationsLarge companies and organizationsNational government agenciesLocal government agencies, small and medium businesses, and individualsFO C U S I N GY O U RS H A R I N GE FFO R T SMAKING SHARING WORK IN PRACTICE

13、: LESSONS LEARNED FROM PREVIOUS SHARINGSituational threat sharing reduces the “fog of war”Security community can get to the right answer much more quickly16Campaign threat sharing amplifies actionsCoordinated protections boost impactAutomated sharing enhances outputsOnly way to achieve scope and sca

14、leTH RE A TS H A RI N GE X A M P L E SWorking Groups focus threat sharing on particular events or threatsMembers use shared information to better disrupt malicious activity17Defensive measure threat sharing speeds up mitigation deploymentCustomers are protected more quicklyEarly sharing fills in gap

15、s and enhances defensesRecipients can put protections in place ahead of public releaseTH RE A TS H A RI N GE X A M P L E SF R O MC T ASomething is better than nothingDo not have to share everything for sharing to be usefulAutomation is important for technical sharingNeed speed and scaleHumans are im

16、portant tooPeople have to do something with the informationSharing is hard workTechnical parts can be challenging, but non-technical parts are more difficult18LE S S O N SF R O MO U RS H A R I N GE X P E R I E N C EAPPLYING THESE LESSONS IN THE REAL WORLD: CONCRETE STEPS TO IMPROVE SHARINGIf your or

17、ganization produces, collects, or provides threat intelligence:Analyze what you can share and what you could benefit from receivingJoin a formal threat sharing organizationAutomate the technical intelligence sharingIf your organization consumes threat intelligence:Ask your vendors how they share thr

18、eat intelligence across the industryAsk your vendors to validate the intelligence they share with youMake threat sharing an evaluation criterion in your cybersecurity contracts20AP P L Y I N GT H E S EL E S S O N SA TT H E OR GA N I Z A T I ON A LL E V E LIf your organization shares threat intellige

19、nce amongst members:Update your business rules to encourage sharingFocus on information types that fit your comparative advantageBuild relationships with other threat sharing organizations across sectors and geographic regionsIf your organization is a national government agency:Articulate priorities

20、 clearlyFocus sharing with the private sector on your comparative advantageEncourage cross-sector and international sharing21AP P L Y I N GT H E S EL E S S O N SA TT H E OR GA N I Z A T I ON A LL E V E LTranslate sharing into actionIdentify specific actions for different parts of the ecosystem to takeIdentify real/perceived barriers to actionCollaborate to s