Blog & Tools

Shared intelligence has become valuable cyber-defense tactic

cybersecurity communications

Businesses of all sizes are under nearly constant attack. Cybercriminals always are looking for vulnerabilities ­– human as well as mechanical – to exploit and help them break into networks. The attraction, of course, is information that can be sold or used to make money.

To effectively combat the countless and growing base of threats, it’s become critical for public and private entities to share information, and they’re doing it with increasing frequency.

Fortinet, a California-based company that develops and sells cybersecurity products and services, points out, “Cybercrime has no borders, and the best way to combat the creativity and negative impact of adversaries is partnership based on actionable intelligence from wide and diverse sources.”

Last year, Fortinet data helped international law enforcement agencies catch a global gang of cybercriminals.

In 2014, Fortinet, an IT security vendor that SDN Communications uses, cofounded the broadband industry’s first cyber defense consortium to encourage the sharing of information about threats and preventive measures. This past January, the Cyber Threat Alliance (CTA) formally incorporated as a not-for-profit organization and named a former presidential aide, Michael Daniel, its first president.

Other founding members of the CTA are Intel Security, Palo Alto Networks, Symantec, Check Point Software Technologies Ltd. and Cisco.

“Sharing threat intelligence significantly reduces attackers’ advantages, making their efforts less profitable and shortening the effective lifecycle of campaigns,” reports McAfee Labs, which is part of Intel Security.

McAfee Labs Threat Report for April 2017 recognized that several factors have helped break down barriers in information sharing, including:

  • Updates to legal frameworks.
  • New standards.
  • Automating information-sharing.
  • The emergence of new organizations.

As businesses become more reliant on technology, they also become larger targets for online attacks. They’re fighting a growing and evolving array of threats, often while struggling to adequately staff their security departments.

Businesses and agencies need to make the best possible use of resources available to them. Besides the CTA, other information-sharing resources are operating to help businesses and better secure the United States. Here are three of them:


US-CERT

The United States Computer Emergency Readiness Team (US-CERT) is part of the U.S. Department of Homeland Security. It “strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”

In 2000, because of a soaring number of cyber breaches, Congress created the Federal Computer Incident Response Center and put it in the General Services Administration. The center’s mission expanded when it moved under the newly-created Department of Homeland Security in 2003. Technical alerts and other information from US-Cert are available via email.


Fusion Centers

State and local Fusion Centers help local, state and federal governments get better information on possible threats to the nation’s well-being. The centers now include private partners as well as law enforcement agencies.

The South Dakota Fusion Center operates under the state Department of Public Safety and the U.S. Department of Homeland Security. It compiles, analyzes and disseminates criminal intelligence to prevent and investigate criminal activity.

The Center scrubs business information to protect the privacy of customers, but trends in data can be useful.

SDN Communications, the host of this blog, partners with the South Dakota Fusion Center. Read about the working relationship in our previous blog.


InfraGard

InfraGard is a partnership between the FBI and members of the private sector, including business executives and entrepreneurs. It’s an online and meeting resource for public and private collaborators. The objective is to protect the nation’s critical infrastructure.

InfraGard membership is vetted. In addition to business people, members include military and government officials, law enforcement officers and computer professionals. South Dakota has an affiliated organization: the InfraGard South Dakota Membership Alliance. Members meet periodically to hear presentations and discuss issues.


SDN is now sharing its information on cyber threats through a quarterly report. Use the button below to get the latest Cyber Threat Landscape Report and subscribe to receive them as they’re distributed.