




版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、抵御网络安全威胁建立企业竞争优势HOW THREAT SHARING HONES YOURCOMPETITIVE EDGEIts for the greater goodThe bad guys do it all the time, so the good guys should tooIts the right thing to doArguments for threat intelligence sharing rely on altruistic reasons.2TY P I C A LA R G U M E N T SF O RW H YC Y B E RC O M P A N
2、I E S SH O UL DSH A R ET H R E A TI N T EL L I G EN C E THREAT SHARING IS EASY TO TALK ABOUT, BUT HARD TO DO IN PRACTICE3Even harder to do consistently at high quality and large scaleReally, really hard in the face of competitive pressuresWH A TO F T E NH A P P E NSA SAR E S U L T :CTAs sharing acti
3、vities around WannaCry made the entire industry better off, but also directly helped our membersITM A K E SY O UW A N N A CR Y .4IMPEDIMENTS: WHAT MAKES SHARING HARD AND HOW TO OVERCOME THESE BARRIERSTechnicalData volume, speed, and diversity pose problemsFive factors inhibit threat sharing:Legal Pa
4、rameters for acceptablesharing can be unclearCultural Sharing undercuts mybusiness modelEconomicHard to measure the ROI for sharingConceptualThreat sharing means different things to different peopleWH A TM A K E ST H R E A TS H A R I NGS OH A R D ?6Technical Technical standards exist Big data analyt
5、ics commonWays to move past the inhibitions:LegalUS & EU have legal frameworks Sharing organizations existCulturalIts not what you know, but what you do with what you knowEconomicCase studies show the benefits of sharingConceptualDifferent organizations share different informationWA Y ST OO V E R C
6、O M ET H E S EB A R R I E R S7We have the tools to overcome the impediments but sharing remains ad hoc. Many do not engage it.Organizations must want to share for it to occur.If companies will not share based on altruism, what reason will motivate threat sharing?SOW H A T ?8BEYOND ALTRUISM: THREAT S
7、HARING MAKES A SECURITYPROVIDER MORE COMPETITIVEEvery organization can learn something from sharing.Sharing forces you to defend your conclusions.It builds the connections needed to deal with crises.Regular sharing generates connections and ideasNo single company sees all malicious activityExchangin
8、g business cards in a crisis is a bad ideaHO WD O EST HR E A TS HA R I N GEN HA N C EY O U R CO M P E T I T I V EE D G E ?10Increased security comes from taking actionCybersecurity is not just a technical problemEnd-users are demanding a team approachNo organization has expertise in all the facets o
9、f cybersecurity.Its not what you know, but what you do with what you know.Comparative advantage should drive what organizations do.HO WD O EST HR E A TS HA R I N GEN HA N C EY O U R CO M P E T I T I V EE D G E ?11PRACTICING THE ART AND SCIENCE OF SHARING: HOW TO GET BETTER AT ITEffective threat shar
10、ing requires answering three questions:Who is sharing?What information are they sharing?What purpose are they sharing it for?The answers to these questions enable you to derive and identify the value you receive from sharing by:Focusing on relevant informationAligning sharing goals with business nee
11、dsTracking useful metrics to improve performance over time13HO N I N GY O U RT HR E A TS HA R I N GS K I L L SEight types of relevant information:Technical dataContextAttributionSituational AwarenessStrategic warningTactical warningBest practicesDefensive measures and mitigations14Five types of orga
12、nizations:Cybersecurity providers, platform providers, ISPsInformation sharing organizationsLarge companies and organizationsNational government agenciesLocal government agencies, small and medium businesses, and individualsFO C U S I N GY O U RS H A R I N GE FFO R T SMAKING SHARING WORK IN PRACTICE
13、: LESSONS LEARNED FROM PREVIOUS SHARINGSituational threat sharing reduces the “fog of war”Security community can get to the right answer much more quickly16Campaign threat sharing amplifies actionsCoordinated protections boost impactAutomated sharing enhances outputsOnly way to achieve scope and sca
14、leTH RE A TS H A RI N GE X A M P L E SWorking Groups focus threat sharing on particular events or threatsMembers use shared information to better disrupt malicious activity17Defensive measure threat sharing speeds up mitigation deploymentCustomers are protected more quicklyEarly sharing fills in gap
15、s and enhances defensesRecipients can put protections in place ahead of public releaseTH RE A TS H A RI N GE X A M P L E SF R O MC T ASomething is better than nothingDo not have to share everything for sharing to be usefulAutomation is important for technical sharingNeed speed and scaleHumans are im
16、portant tooPeople have to do something with the informationSharing is hard workTechnical parts can be challenging, but non-technical parts are more difficult18LE S S O N SF R O MO U RS H A R I N GE X P E R I E N C EAPPLYING THESE LESSONS IN THE REAL WORLD: CONCRETE STEPS TO IMPROVE SHARINGIf your or
17、ganization produces, collects, or provides threat intelligence:Analyze what you can share and what you could benefit from receivingJoin a formal threat sharing organizationAutomate the technical intelligence sharingIf your organization consumes threat intelligence:Ask your vendors how they share thr
18、eat intelligence across the industryAsk your vendors to validate the intelligence they share with youMake threat sharing an evaluation criterion in your cybersecurity contracts20AP P L Y I N GT H E S EL E S S O N SA TT H E OR GA N I Z A T I ON A LL E V E LIf your organization shares threat intellige
19、nce amongst members:Update your business rules to encourage sharingFocus on information types that fit your comparative advantageBuild relationships with other threat sharing organizations across sectors and geographic regionsIf your organization is a national government agency:Articulate priorities
20、 clearlyFocus sharing with the private sector on your comparative advantageEncourage cross-sector and international sharing21AP P L Y I N GT H E S EL E S S O N SA TT H E OR GA N I Z A T I ON A LL E V E LTranslate sharing into actionIdentify specific actions for different parts of the ecosystem to takeIdentify real/perceived barriers to actionCollaborate to s
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2025年湖南省常德市武陵区芷兰实验学校历史班物理高二下期末达标检测模拟试题含解析
- 2025年安徽六安市皖西高中教学联盟高二物理第二学期期末综合测试试题含解析
- 甘肃省岷县二中2025届物理高二下期末复习检测模拟试题含解析
- 化妆品商标管理办法细则
- 银行就业贷款管理办法
- 政务信息化经费管理办法
- 动车组网络安全管理办法
- 凉山州公共场所管理办法
- 消费金融项目管理办法
- 北京社区精细化管理办法
- 2024年1月黑龙江高中学业水平合格考政治试卷真题(含答案详解)
- 供应室护理进修汇报总结
- 储粮害虫与技术和化学防治
- 自适应前照灯控制系统
- 电梯招标文件示范文本
- 上海市安装工程预算定额(2000)工程量计算规则
- 街道、镇、区道路保洁及垃圾转运服务采购项目服务方案(投标方案)
- GB/T 16886.10-2024医疗器械生物学评价第10部分:皮肤致敏试验
- 医院感染管理制度制度汇编
- 幼儿园卫生检查表
- 水泵采购投标方案(技术方案)
评论
0/150
提交评论