Threat intel sharing: Security breakthrough or flavor of the month?

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Threat intelligence sharing has become the "new black" in the world of enterprise security, a trendy buzzword that has become ubiquitous at industry conferences and in vendor marketing pitches. But what exactly is threat intelligence sharing and are we using it effectively to defend against cyberattacks?

While there are many paths available —customer-to-vendor, vendor-to-customer, customer-to-customer, vendor-to-vendor—the core of threat intelligence sharing is typically information gathered from the customer by the vendor in order to help the customer respond to threats or attacks.

+ ALSO ON NETWORK WORLD: Old school antivirus vendors learn new tricks +

Another sharing situation involves this same intelligence being re-purposed by the vendor to produce new and/or improved detection signatures, blocking rules, or other forms of protection. This protection information is used in the vendor’s commercial product or service so it can be leveraged by the vendor’s other customers.

The problem is that “some customers are asking for their organization’s own threat intelligence to remain private and that it not be used by the vendor for mass commercial use,” says Candace Worley, senior vice president and general manager, Endpoint Security Business Unit at Intel Security. This is understandable, but it leads down a path where only a select set of affluent customers receive the white security glove treatment, leaving the rest of the world to fend for themselves.

To continue reading this article register now