Threat intel sharing: Security breakthrough or flavor of the month?

Threat intelligence sharing has become the "new black" in the world of enterprise security, a trendy buzzword that has become ubiquitous at industry conferences and in vendor marketing pitches. But what exactly is threat intelligence sharing and are we using it effectively to defend against cyberattacks?

While there are many paths available (customer-to-vendor, vendor-to-customer, customer-to-customer, vendor-to-vendor), the core of threat intelligence sharing is typically information gathered from the customer by the vendor in order to help the customer respond to threats or attacks.

Another sharing situation involves this same intelligence being re-purposed by the vendor to produce new and/or improved detection signatures, blocking rules, or other forms of protection. This protection information is used in the vendor’s commercial product or service so it can be leveraged by the vendor’s other customers.

The problem is that “some customers are asking for their organization’s own threat intelligence to remain private and that it not be used by the vendor for mass commercial use,” says Candace Worley, senior vice president and general manager, Endpoint Security Business Unit at Intel Security. This is understandable, but it leads down a path where only a select set of affluent customers receive the white-glove security treatment, leaving the rest of the world to fend for itself.
