Indulge me for a minute if you will... Cybersecurity’s near-impossible challenge is to stay one step ahead of the bad guys even though defenders often can’t see them coming. In one sense, attacks resemble earthquakes: you’re hit with no warning, the devastation is in the aftermath, and the deeper you inspect, the worse it gets. Limiting the destruction is fittingly where most of the parrying takes place, but knowing that hackers are probing for a weak point before the exploit occurs is the new frontier for network guardians.
This is where sharing of threat intelligence comes in, particularly as an assault is happening or in its immediate wake: What is injuring one company now can be preventive for many others later on. Here’s what Security Intelligence had to say about cyber information sharing:
“The way we share information and what we share should increase our knowledge of the adversaries and which assets they are after. This can only happen if we get information from a wide range of players from different fields… You also have to define what you would like to share before an incident occurs. It is important to agree on standardizing threat information.”
The sharing models Trusted Automated Exchange of Indicator Information (TAXII) and Structured Threat Information Expression (STIX), both of which are open community specs to standardize cyber threat information for sharing, help fuel the process.
NC4's Shared Cyber Defense Strategy
With that backdrop, NC4, a managed service provider of cyber and physical threat sharing that is moving from management into defensive actions, has launched a new cloud-based platform called the Cyber Defense Network for the Financial Services Industry (CDN/FS). The El Segundo, California-based company’s initiative includes STIX/TAXII-based community cyber threat intelligence sharing among members, along with protection features for individual companies to use.
NC4 said financial services is the first of many infrastructure industries the CDN will support, with an initial rollout slated for later this year. Members of the Financial Services Information Sharing and Analysis Center (FS-ISAC), the financial industry’s hub for cyber and physical threat intelligence analysis and sharing, are eligible to participate in CDN/FS, NC4 said. The company will introduce the CDN/FS platform at the FS-ISAC conference in Baltimore, MD, which began on October 1.
"Given the increasing threats to the financial services industry, it's imperative to improve the cyber defense for the industry at large as well as for individual members. CDN/FS will begin with initial defensive measures that will grow over time," said Aubrey Chernick, NC4 founder.
NC4's Cyber Sharing Strategy
Here's how the CDN/FS program works (likely the template for future offerings):
- Cyber threat intelligence professionals of member organizations will be able to create anonymous threat indicators to share with other members.
- Cyber threat indicators will be extracted from members' threaded discussions and emails. Members will also receive threat indicators from the Department of Homeland Security’s Automated Indicator Sharing (DHS/AIS) program and will be able to rate and comment on them and discern trends through a CDN dashboard.
- CDN/FS will initially provide a manual for authorized threat intelligence or operations users such as Security Operations Center (SOC) or Network Operations Center (NOC) staff.
- The initial forays will concentrate on blocking access to malicious sites and documents through companies that support STIX/TAXII, typically in next-generation firewalls, beginning with Cisco’s Firepower Management Center platform.
NC4’s flagship managed service offering is its NC4 Mission Center for portal-based intelligence sharing. The company positions itself as the leading managed service provider for STIX/TAXII-based threat sharing.