
Automate Threat Alert Sharing between ISACs or Organizations for Real-time Collective Defense


Cyware Situational Awareness Platform (CSAP) Oct 5, 2020

Threat information sharing has become an integral part of modern security operations, allowing sharing participants to draw on collective knowledge, experience, and capabilities to counter the threats most relevant to them. Going one step further, Cyware Situational Awareness Platform (CSAP) version 2.7 now allows two different ISACs or organizations that both use CSAP to fully automate the sharing of alerts between themselves.

How can ISACs and Enterprises benefit from this?

  • The new capability fosters real-time collective defense between two different ISACs or organizations by enabling them to alert each other of an ongoing security incident or threat that concerns all sharing partners.
  • For example, an ISAC with members from the energy and power sector can proactively alert other ISACs of any ongoing power outage due to a cyberattack.
  • Similarly, an ISAC with members from the financial services sector can notify other ISACs of phishing or Business Email Compromise (BEC) campaigns targeting finance and accounts teams in organizations.
  • Moreover, ISACs can take cross-sectoral collaboration further by drawing on each other's deep domain expertise to perform root cause analysis of their respective threats and to exchange the most effective lessons learned and mitigation strategies.
  • Enterprises benefit from the same capability: they can automatically alert their vendors or partners to an identified malicious attack or to a newly disclosed vulnerability that needs to be patched immediately.

How does it work?

  • As a first step, CSAP Admins configure the API credentials of their sharing partners in the Integrations section of the CSAP Dashboard.

  • Thereafter, CSAP Admins define rules that trigger automated sharing of specific Alerts with their sharing partners. A rule can be based on a single parameter or on a combination of parameters, including TLP, Alert Category, and Information Source, as the need may be.

  • Admins can also define rules that block the sharing of specific types of Alerts, such as TLP Red Alerts, to prevent accidental disclosure of sensitive information. A block rule takes effect regardless of any sharing rule the Alert would otherwise match.

  • For Alerts received from other ISACs or organizations, CSAP Admins can configure the automation rules either to forward them directly to their own members or to hold the received Alerts for review and enrichment before release.
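The rule logic described in the steps above, modelled as an added example in Python. This is not CSAP's code or API; the `Alert` fields, the rule format, the TLP ranking and the sample alerts are all assumptions chosen to illustrate the behaviour a practitioner would want from such rules: a block rule on TLP Red overrides any sharing rule, an Alert that matches no sharing rule is withheld (default deny), an unrecognised or mislabelled TLP is treated as Red so a typo fails closed, and received Alerts are either forwarded to members or held for review. TLP 1.0 labels (WHITE, GREEN, AMBER, RED) are used because they were current when this post was written.

```python
"""Added example, not Cyware's code: a minimal model of outbound and
inbound alert-sharing rules (trigger on TLP, Alert Category, Information
Source; explicit block rules; forward or hold received alerts).
Field names, rule format and sample data are assumptions."""
from dataclasses import dataclass, field
from typing import Optional

# TLP 1.0 labels. The ranking is an assumption used only to express
# "at most this sensitive" sharing rules; it is not part of TLP itself.
TLP_RANK = {"WHITE": 0, "GREEN": 1, "AMBER": 2, "RED": 3}


def normalize_tlp(label: str) -> str:
    """Map free-form labels ("tlp:amber", " Amber ") to a canonical one.
    Anything unrecognised is treated as RED so a mislabelled alert fails closed."""
    label = label.strip().upper()
    if label.startswith("TLP:"):
        label = label[4:].strip()
    return label if label in TLP_RANK else "RED"


@dataclass(frozen=True)
class Alert:
    alert_id: str
    title: str
    tlp: str        # e.g. "AMBER"
    category: str   # e.g. "Phishing"
    source: str     # e.g. "Member Report"


@dataclass(frozen=True)
class Rule:
    """One sharing rule. Every set field must match; unset fields match anything."""
    action: str                          # "share" or "block"
    tlp: Optional[str] = None            # exact TLP match
    tlp_max: Optional[str] = None        # match only if alert TLP is at or below this
    categories: frozenset = field(default_factory=frozenset)
    sources: frozenset = field(default_factory=frozenset)

    def matches(self, a: Alert) -> bool:
        tlp = normalize_tlp(a.tlp)
        if self.tlp is not None and tlp != self.tlp:
            return False
        if self.tlp_max is not None and TLP_RANK[tlp] > TLP_RANK[self.tlp_max]:
            return False
        if self.categories and a.category not in self.categories:
            return False
        if self.sources and a.source not in self.sources:
            return False
        return True


def should_share(alert: Alert, rules) -> bool:
    """Outbound decision: any matching block rule wins over any share rule,
    and an alert matching no share rule is not sent (default deny)."""
    matched = [r for r in rules if r.matches(alert)]
    if any(r.action == "block" for r in matched):
        return False
    return any(r.action == "share" for r in matched)


def route_inbound(alert: Alert, auto_forward_sources: frozenset) -> str:
    """Inbound decision: forward straight to members only for partners on the
    auto-forward list and only for non-RED alerts; hold everything else for
    analyst review and enrichment."""
    if alert.source in auto_forward_sources and normalize_tlp(alert.tlp) != "RED":
        return "forward_to_members"
    return "hold_for_review"


# Hypothetical rule set for one sharing partner.
PARTNER_RULES = [
    Rule(action="share", tlp_max="AMBER", categories=frozenset({"Phishing", "BEC"})),
    Rule(action="share", tlp_max="GREEN", sources=frozenset({"Vendor Advisory"})),
    Rule(action="block", tlp="RED"),  # never leaves the org, whatever else matches
]

# Constructed sample alerts, not real data.
SAMPLE_ALERTS = [
    Alert("A-1", "BEC lure hitting accounts-payable teams", "AMBER", "BEC", "Member Report"),
    Alert("A-2", "Red-restricted incident detail", "tlp:red", "BEC", "Member Report"),
    Alert("A-3", "Vendor product vulnerability, patch available", "GREEN", "Vulnerability", "Vendor Advisory"),
    Alert("A-4", "Green note outside the agreed categories", "GREEN", "Outage", "Member Report"),
    Alert("A-5", "Alert with a mislabelled TLP", "ORANGE", "Phishing", "Member Report"),
]


def decide_all(alerts=SAMPLE_ALERTS, rules=PARTNER_RULES) -> dict:
    """Outbound decision for every sample alert, keyed by alert id."""
    return {a.alert_id: should_share(a, rules) for a in alerts}


if __name__ == "__main__":
    for alert_id, shared in decide_all().items():
        print(alert_id, "share" if shared else "withhold")
    print("A-1 inbound:", route_inbound(SAMPLE_ALERTS[0], frozenset({"Member Report"})))
```

Of the five sample alerts only A-1 and A-3 are shared: A-2 is stopped by the block rule even though it matches the BEC category, A-4 matches no sharing rule and is withheld by default, and A-5's unknown label is normalised to RED and blocked. Whatever rule syntax a real platform offers, those three properties (block beats share, default deny, fail closed on bad labels) are the ones to verify before switching automated sharing on.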

**The bottom line**

Every ISAC or organization holds insights and lessons learned from the threats that recur in its own domain. By automating the sharing of threat alerts in real time, ISACs can collaborate with partner ISACs, and enterprises with their vendors and peers, and take the first step towards an extended collective-defense security strategy.
