More than three-quarters (76 percent) of security professionals believe they have a moral responsibility to share threat intelligence even though most are still only sharing this among trusted peers (56 percent) or internally (47 percent).
AlienVault conducted research on 222 security pros at Black Hat 2016 to find out how they incorporate threat intelligence into their malware defence strategies.
Security teams are growing as 53 percent of respondents reported that the number of security incidents that occurred over the past year has increased.
Threat intelligence is rapidly being recognised as a critical aspect of security for organisations and vendors. A majority (95 percent) use threat intelligence in some way.
Threat intelligence sources are relied upon including their own detection processes (66 percent), trusted peers (48 percent), paid subscription services (44 percent), government agencies (38 percent), crowdsourced/Open source communities (37 percent) and blogs/online forums (28 percent).
In addition to their peers and internally, respondents said they also share threat intelligence with government agencies (28 percent), publicly (18 percent) and with crowdsourced/Open Source platforms (15 percent).
“The nature of the security industry has been extremely secretive, so it's very encouraging to see that more people are utilising different sources and are willing to more openly share threat intelligence. Malicious criminals innovate quickly, and the more our industry can achieve a similar level of agility through cooperation and collaboration, the more we can create a powerful collective defence against today's advanced threats,” said Javvad Malik, security advocate at AlienVault.
Talking to SCMagazineUK.com, wing commander Martin Smith of the Joint Cyber Reserve, in which civilian cyber professionals volunteer to serve in the armed forces in their spare time, explained how recruits benefitted from information sharing in the organisation. “Reservists get to network with their peers from other organisations working in cyber-security, and while they can't share proprietary secrets, they are able to share threat intelligence and approaches to locate and prevent attacks. It benefits both them and us.”
During a press briefing at NATO Information Assurance and Cyber Defence Symposium (NIAS) 2016 in Mons, Belgium, last month Greg Day, vice president and regional chief security officer, Europe, Middle East and Africa, Palo Alto Networks concurred, explaining how Nato and some industry players are sharing threat intel.
Day explained, “Criminals collaborate effectively, whereas good people have not. We want to change the model and not sell threat intelligence for financial gain. If we all exchange information we'll all get better, quicker solutions for our customer base. Sometimes we can't share details but we can share benefits - and Nato gives its insights and fills gaps.”
John Stewart, senior VP, chief security and trust officer at Cisco, part of the sharing group, emphasised that trust, collaboration and partnerships were needed by the good guys, who still had some way to go to get the same results as the bad guys. At the same event Kah-Kin Ho, senior director EMEA, FireEye noted, “No one company has all the answers - cyber-security is a team sport. Coming together with the military, we have a good exchange of how we view the threat landscape.”