Threat Intelligence Tools and Information Sharing. The majority use a platform of some kind to link cyber security actors internally. • Detection tools are used in most cases, with a wide variety of types/instances. • Less than half use collaborative prevention tools, with “MISP” being highest example. • A variety of strategies / mechanisms are used to share threat intelligence with stakeholders. Sharing Security Intelligence Between Organisations • Point of contact for sharing between organisations is local choice (not just CISO). • A trusted network must be organised around trusted parties. • Distribution / sharing within an organisation is a matter of internal policy. Suggested Platform Facilities • Inter-organisational sharing of threat intelligence should include a platform with: o Library of threat intelligence (up-to-date library of threats + defensive measures). o Communication facilities for rapid Alerts, Awareness bulletins. o Analytics module (threats experienced by different users / locations / times, etc.).
Appears in 2 contracts
Sources: Deliverable D3.2, Grant Agreement