On Security Data Sharing Research
by Anton Chuvakin | February 10, 2013 | 3 Comments
As I promised in my post On Security Data Sharing, we are starting a new research project on information security data sharing. Specifically, our research (joint with Dan Blum) will focus on how organizations can benefit from shared security data, what types of data can/should be shared, what are the barriers to sharing, what methods and protocols can be used and, most importantly, how to share/receive security data for enhancing your security defenses. We will look at the new commercial data sharing providers (RedSky, SecurityStarfish), ISACs (FS-, REN- … any others still alive?), and other organizations and will try to learn from both successes and failures (of which there are plenty, BTW).
So, here is my next call to action:
- We have requested briefings from two commercial data sharing service providers and some ISACs. Other vendors, if you think you are closely related to security data sharing, got anything to say about it? Here is a briefing link … you know what to do.
- Enterprises, got a data sharing-related story to ..well… share? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
Related posts:
- On Security Data Sharing
- Our Log Standards Paper Publishes (mentions select data sharing standards)
- More on DoS and Shared Security
Additional Resources
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.
Read Free Gartner Research
Category: data security sharing
Tags: data-sharing security
Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry
Thoughts on On Security Data Sharing Research
Comments are closed
Who's Blogging
- Andrew Lerner
- Scot Kim
- Andrew White
- Debbie Wilson
- Samantha Searle
- Mark Mcdonald
- Pedro Pacheco
- Clare Dietz
- Don Scheibenreif
- Nicole Greene
- Anthony Bradley
- Darin Stewart
- Bill Ray
- Emily Moquin
- Kate Muhl
- Avivah Litan
- Rene Buest
- Merv Adrian
- Deacon Wan
- Jitendra Subramanyam
- Dave Egloff
- Charles Golvin
- Colin Reid
- Craig Roth
- Tony Iams
- Rajesh Narayan
- Rajesh Kandaswamy
- Zachary Weinberg
- Srijita Chakraborty
- Mike Mcguire
- Kristina Laroccacerrone
- Manjunath Bhat
- Steve Rietberg
- Benjamin Bloom
- Robert Hetu
- Richard Watson
- Hank Barnes
- Marko Sillanpaa
- Marco Meinardi
- Marty Resnick
- Chris Ross
- Augie Ray
- Lizzy Foo
- Daniel Sanchezreina
- Vivek Swaminathan
- John Wheeler
- Simon Walker
- Mark Diodati
- Julian Poulter
- Jane Anne
About
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.
Anton,
This should be a productive and interesting discussion. I am interested to hear the differences between commercial information sharing for a fee, and information sharing from a funded organization serving the needs of Critical Infrastructure protection.
Cheers!
Glenn Merrell, CAP
ICS-ISAC.org Workforce Development Director / Advisor
First, thanks for the comment. If you are involved with ICS-ISAC, would you consider briefing us on its status, etc via http://www.gartner.com/it/about/vbriefings_faq.jsp
Second, we’d be exploring this (commercial vs “public” sharing) and other issues in this multi-decade saga (started in 1998 with PDD63 if not earlier) towards information sharing.
[…] On Security Data Sharing Research […]