Insight by Anomali

Breaking down the barriers to improve cyber threat information sharing

“The government doesn’t have a monopoly on threat intelligence in this space.” That’s what Tonya Ugoretz, the director of the Cyber Threat Intelligence Integration Center, said quite profoundly back in April.

By no means should that comment shock anyone who pays attention to the constant and ever-changing threat to public and private sector systems, networks and data.

But what Ugoretz’s comments did do is hit the nail right on the head when it comes to this constant push and pull between government and industry to share what they know, when they know it and how to fix it in a trusted and secure way.

Over the years we’ve seen a host of pilot programs and attempts to ensure there is no monopoly: the Homeland Security Department’s Automated Indicator Sharing (AIS) program; the Defense Department’s DIBNET-S, a classified network for defense contractors to receive intelligence on threats to their companies; and the recently announced National Risk Management Center from DHS, which aims to help break down some of the communication barriers that exist between the government and sectors when it comes to sharing cybersecurity threats. These and so many other approaches still haven’t helped agencies and industry finally break free from the cultural and technical challenges they face with cyber threat information sharing.

Utilizing Threat Intelligence in Cyber Posture

The scale of the problem is incredible. I’ve been at Anomali for about four years and when I first started here it was 200,000 or 300,000 indicators. Year two it was 2-to-3 million. Now it’s over 100 million indicators that everyone has access to on our platform.

Volume and Data Issues

We know that meant…key players dropped in the next couple of dozen patches that you need to put on right now. We know Patch Tuesday is preceded by Adversary Scan Wednesday. We know the adversary is already actively looking so our job is to look for any of those now known vulnerabilities for the systems we have, how fast we can patch and share what the adversary is focused on.

AI and Machine Learning

Quality, context and speed are the three things we need to continue to focus on [around cyber threat intelligence]. We need to set the standards, we need to set the mechanism, and we need to not just focus on that after we have an attack or incident, but we need to make sure we actually lay that path ahead.
