Despite the great strides made in threat intelligence sharing over the past few years, information exchanges are still too segmented and inaccessible to much of the industry, said AlienVault president and CEO Barmak Meftah at Infosecurity Europe 2015.
As well as breaking down barriers to intel-sharing and accessibility, effective threat intelligence must be crowd-sourced, Meftah argued: “[If we do this] the efficacy of how we share that data is going to go through the roof.”
Sharing more actionable information about attacks, as well as indicators of compromise, is the most important step for the industry in trying to keep abreast of diversifying and damaging waves of cyber-attack.
“The only way you can change the mechanics of the adversary [having an advantage over] us, is by us stacking hands, coming together and sharing observed threat data,” he said.
As well seeking to facilitate collection, validation and dissemination of data – it is essential that threat intelligence is also affordable.
“I have a huge problem with vendors that try to source threat data from the victims of breach and then try to sell that data back to the victims of breach,” he said.
No one should seek to monetize threat intelligence, Meftah said: “It belongs to the community.”
How to make that intelligence available to authenticated parties is a technological challenge for vendors to solve.
While much work remains, Meftah did praise many of the efforts that have seen threat intelligence take off in recent years. With vertical exchanges like the FS-ISAC, standards such as MITRE, and government-backed schemes in the US and UK, positive steps are being made.
Even the likes of Facebook are offering new initiatives in this area.
However, “We have to work harder and harder to open the parameters of threat sharing,” Meftah said, arguing that too much threat intelligence is limited to the big players in specific verticals.