Go to listing page
Automate Threat Alert Sharing between ISACs or Organizations for Real-time Collective Defense
Share Blog Post
Threat information sharing has become an integral part of modern security operations, allowing sharing participants to leverage collective knowledge, experience, and capabilities to counter the most relevant threats. Going one step further, Cyware Situational Awareness Platform (CSAP) version 2.7 now allows two different ISACs or organizations using CSAP to fully automate the sharing of alerts between themselves.
How can ISACs and Enterprises benefit from this?
- The new capability fosters real-time collective defense between two different ISACs or organizations by enabling them to alert each other of an ongoing security incident or threat that concerns all sharing partners.
- For example, an ISAC with members from the energy and power sector can proactively alert other ISACs of any ongoing power outage due to a cyberattack.
- Similarly, an ISAC with members from the financial services sector can notify other ISACs of phishing or Business Email Compromise (BEC) campaigns targeting finance and accounts teams in organizations.
- Moreover, ISACs can take cross-sectoral collaboration to the next level by leveraging each other’s deep-domain expertise for performing root cause analysis of respective threats and sharing the most effective learnings and mitigation strategies with each other.
- At the same time, enterprises can immensely benefit from this new capability as they can automatically alert their vendors or partners of any identified malicious attack or any new vulnerability that needs to be patched immediately.
How does it work?
- As a first step, CSAP Admins need to configure the API credentials of their sharing partners within the Integrations sections of the CSAP Dashboard.
- Thereafter, the CSAP Admins can define rules to trigger automated sharing of specific Alerts with their sharing partners. The rules can be defined as per the individual or combination of several parameters including TLP, Alert Category, or Information Source, as the need may be.
- Admins can also define rules to block the sharing of specific types of alerts such as TLP Red alerts to prevent any accidental disclosure of sensitive information.
- CSAP Admins can also configure the automation rules to enable direct sharing of Alerts, received from other ISACs or organizations, with their members or choose to save the received Alerts for review and enrichment.
The bottom line
Every ISAC or organization possesses insights and learnings based on the frequently occurring threats in their domain. By effectively automating the sharing of threat alerts in real-time, ISACs and enterprises can collaborate with their partner ISACs or vendors/peers respectively, and take the first step towards an extended collective-defense security strategy.
Posted on: October 05, 2020
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.