It’s with great excitement that I announce the publication of our paper “Information Sharing as an Industry Imperative to Improve Security.” It took a lot of research and a lot of brainstorming and conversations with people who are involved in active security data sharing now.
“Collaborative defense is becoming much-needed in information security, and broader security data sharing is at its core due to the proliferation of advanced threats. This document assesses the current state of data sharing and provides recommendations for enterprises and vendors.”
A few fun quotes:
- “Security-data-sharing tools and practices are gaining mind share. Increasingly, enterprises are realizing that they must break with insular "every one for themselves" mindsets and band together to confront escalating threats.”
- “Most sharing happens within trusted circles. In general, the broader that the circles of sharing become, the less trust that exists, and the range of information that is shared and the value that is received diminishes.”
- “Use cases for shared data are detection, prevention (or blocking), remediation, investigation and planning for response to attacks. Most enterprises have — or should have — all these use cases to some degree.”
- “In some cases, organizations should establish a new functional group to undertake and coordinate sharing efforts. In other cases, an existing incident response or security operations center team can handle the function. Organizations should expand sharing efforts and relationships to involve supply chain partner organizations, customers and end users.”
P.S. Gartner GTP subscription required for access.
Blog posts from this research project: