Only Malware in the Building: Making Information Sharing Work

N2K Networks · November 4, 2025 · 35 min · 186 views

The Genesis of Information Sharing

  • 💡 The National Cyber Forensic and Training Alliance (NCFTA) was established as a neutral space to bring together government, private sector, and academic institutions to tackle emerging cybercrime.
  • ⚠️ Initial skepticism towards sharing information with the government stemmed from concerns about customer data privacy, public disclosure of security breaches, and a lack of clear controls.

Challenges and Concerns in Information Sharing

  • 🔒 Companies often hesitate to share information due to fears of PII leaks, involvement in legal cases, and a desire to keep their business private.
  • ❓ A significant obstacle is the question of what constitutes actionable intelligence and how shared information will be used, leading to a need for clear communication and demonstrated value.
  • 🗣️ The analogy of public-private partnerships being like karaoke is used, where everyone is enthusiastic until it's their turn to contribute, highlighting a reluctance to be the first to share.

Successful Information Sharing and Collaboration

  • 🚀 Operation Endgame is cited as a prime example of successful public-private collaboration, leading to major takedowns of botnets and ransomware loaders.
  • 🤝 Unique visibility from different entities (e.g., Proofpoint seeing initial access, others seeing post-exploitation) underscores the necessity of collaboration to gain a complete picture of threats.
  • 🌐 Making research public through blogs or platforms like GitHub is a crucial form of information sharing, enabling independent researchers, private sector, and law enforcement to act on the data.

Operationalizing and Encouraging Information Sharing

  • 📈 Organizations can make the case for information sharing by highlighting how it enhances their own security and contributes to the greater good, potentially leading to positive publicity.
  • 🤝 Non-profits like the Cyber Threat Alliance and industry-specific ISACs provide valuable platforms for collective defense and peer-to-peer information exchange.
  • 🗺️ Frameworks like MITRE ATT&CK serve as a central repository for actionable intelligence, helping organizations understand threats and implement defenses.

The Future of Information Sharing

  • 🗣️ The hope is that information sharing becomes an integrated part of doing business online, rather than a novel topic requiring constant discussion.
  • 📊 Demonstrating the outcomes and benefits of information sharing is crucial to encourage continued engagement and build trust, moving beyond buzzwords to tangible results.
  • 💬 Continuous communication about the usefulness of shared intelligence is key to building trust and ensuring participants feel their contributions are valuable and lead to collective defense.
What’s Discussed

Information Sharing, Public-Private Partnerships, Cyber Threat Intelligence, NCFTA, Actionable Intelligence, Operation Endgame, Cybercrime, Threat Actors, Collective Defense, MITRE ATT&CK, ISACs, Cybersecurity Research, Ransomware, Botnets