As I promised in my post On Security Data Sharing, we are starting a new research project on information security data sharing. Specifically, our research (joint with Dan Blum) will focus on how organizations can benefit from shared security data, what types of data can/should be shared, what are the barriers to sharing, what methods and protocols can be used and, most importantly, how to share/receive security data for enhancing your security defenses. We will look at the new commercial data sharing providers (RedSky, SecurityStarfish), ISACs (FS-, REN- … any others still alive?), and other organizations and will try to learn from both successes and failures (of which there are plenty, BTW).
So, here is my next call to action:
- We have requested briefings from two commercial data sharing service providers and some ISACs. Other vendors, if you think you are closely related to security data sharing, got anything to say about it? Here is a briefing link … you know what to do.
- Enterprises, got a data sharing-related story to ..well… share? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.