Iid infoshare exec_summary final


Published on

IID examines the current state of cybersecurity intelligence sharing as well as its roadblocks and how they can be overcome. This includes viewpoints from leaders in the field of cybersecurity, representing a diverse cross-section of businesses and government agencies like Microsoft, Georgetown University and the City of Seattle.

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Iid infoshare exec_summary final

  1. 1. Sharing the Wealth, and the Burdens, of Threat Intelligence Why security experts must unite against cyberattacks, and what’s stopping them from collaborating more effectively. White Paper: Exec Summary
  2. 2. New era of collaboration Cybercrime evolves quickly, strikes often Good guys lack organized, automated and scalable ways to share intel Major business, government and education players working to make sharing work more effectively “Information sharing is still overly predicated on four dudes in a room…talking about what happened last month.” City of Seattle 2
  3. 3. Three stages of collaboration 1. Proactive measures −  Internet hygiene recommendations −  Suspicious phishing/malware IP addresses −  Software vulnerability/patch updates 2. Incident response −  Crisis management −  Threat mitigation 3. Post-attack inquiries −  Work with authorities to investigate and prosecute “The bulk of the investment moving forward should be in preventative.” Microsoft 3 “If we invested one tenth of what we invest in cyber- security into old fashioned police work, we’d actually have a better return on investment.” Georgetown University
  4. 4. Obstacle #1 Manual, disparate technologies and standards −  Slow manual processes −  Nothing automated or scalable −  Need standards, procedures, data formats and reports −  “The bad guys move fast…so the data needs to move extremely fast.” Microsoft 4
  5. 5. Obstacle #2 Trust issues −  Who to trust? •  Competitors •  Regulators −  Need to define with whom, how, when and how much to share “Collaboration is great, but collaboration without trust doesn’t get very far.” IID 5
  6. 6. Obstacle #3 Liability of sharing −  Sharing too much or wrong information? •  Limits needed •  Fast remedial procedures −  Legal indemnification to prevent blowback from over-sharing “There are a lot of stakes involved in balancing between maintaining the privacy of individual users and still being able to share certain information on security incidents so others can protect themselves.” Forum for Incident Response and Security Teams 6
  7. 7. Obstacle #4 Lack of resources, incentive −  Overburdened, understaffed •  Sharing intel not a priority •  Often caught unaware −  Collaboration is single most effective way •  Largest companies already sharing −  CEOs recommend private/government sharing as vital to cybersecurity “Please come up with some incentives that will especially get local governments to adopt these frameworks because otherwise they’re not going to do it and the impact is…probably loss of life.” City of Seattle 7
  8. 8. Conclusion Corporations, organizations and agencies working toward advances in cybersecurity intel sharing Leaders setting standards and creating solutions Can we work faster than the criminals? A major attack could shut down the Internet, or worse Read the white paper at http://internetidentity.com/white-papers/