It’s with great excitement that I announce the publication of our paper “Information Sharing as an Industry Imperative to Improve Security.” It took a lot of research and a lot of brainstorming and conversations with people who are involved in active security data sharing now.
“Collaborative defense is becoming much-needed in information security, and broader security data sharing is at its core due to the proliferation of advanced threats. This document assesses the current state of data sharing and provides recommendations for enterprises and vendors.”
A few fun quotes:
- “Security-data-sharing tools and practices are gaining mind share. Increasingly, enterprises are realizing that they must break with insular "every one for themselves" mindsets and band together to confront escalating threats.”
- “Most sharing happens within trusted circles. In general, the broader that the circles of sharing become, the less trust that exists, and the range of information that is shared and the value that is received diminishes.”
- “Use cases for shared data are detection, prevention (or blocking), remediation, investigation and planning for response to attacks. Most enterprises have — or should have — all these use cases to some degree.”
- “In some cases, organizations should establish a new functional group to undertake and coordinate sharing efforts. In other cases, an existing incident response or security operations center team can handle the function. Organizations should expand sharing efforts and relationships to involve supply chain partner organizations, customers and end users.”
P.S. Gartner GTP subscription required for access.
Blog posts from this research project:
- From IPs to TTPs
- Consumption of Shared Security Data
- On Trust in Security Data Sharing
- On Security Data Sharing Research
- On Security Data Sharing
- Our Log Standards Paper Publishes
- More on DoS and Shared Security