Only Malware in the Building: Making Information Sharing Work
N2K Networks · November 4, 2025 · 35 min · 186 views
The Genesis of Information Sharing
- 💡 The National Cyber Forensic and Training Alliance (NCFTA) was established as a neutral space to bring together government, private sector, and academic institutions to tackle emerging cybercrime.
- ⚠️ Initial skepticism towards sharing information with the government stemmed from concerns about customer data privacy, public disclosure of security breaches, and a lack of clear controls.
Challenges and Concerns in Information Sharing
- 🔒 Companies often hesitate to share information due to fears of PII leaks, involvement in legal cases, and a desire to keep their business private.
- ❓ A significant obstacle is the question of what constitutes actionable intelligence and how shared information will be used, leading to a need for clear communication and demonstrated value.
- 🗣️ Public-private partnerships are compared to karaoke: everyone is enthusiastic until it's their turn to contribute, which highlights a reluctance to be the first to share.
Successful Information Sharing and Collaboration
- 🚀 Operation Endgame is cited as a prime example of successful public-private collaboration, leading to major takedowns of botnets and ransomware loaders.
- 🤝 Unique visibility from different entities (e.g., Proofpoint seeing initial access, others seeing post-exploitation) underscores the necessity of collaboration to gain a complete picture of threats.
- 🌐 Making research public through blogs or platforms like GitHub is a crucial form of information sharing, enabling independent researchers, private sector, and law enforcement to act on the data.
Operationalizing and Encouraging Information Sharing
- 📈 Organizations can make the case for information sharing by highlighting how it enhances their own security and contributes to the greater good, potentially leading to positive publicity.
- 🤝 Non-profits like the Cyber Threat Alliance and industry-specific ISACs provide valuable platforms for collective defense and peer-to-peer information exchange.
- 🗺️ Frameworks like MITRE ATT&CK serve as a central repository for actionable intelligence, helping organizations understand threats and implement defenses.
The Future of Information Sharing
- 🗣️ The hope is that information sharing becomes an integrated part of doing business online, rather than a novel topic requiring constant discussion.
- 📊 Demonstrating the outcomes and benefits of information sharing is crucial to encourage continued engagement and build trust, moving beyond buzzwords to tangible results.
- 💬 Continuous communication about the usefulness of shared intelligence is key to building trust and ensuring participants feel their contributions are valuable and lead to collective defense.
What's Discussed
Information Sharing, Public-Private Partnerships, Cyber Threat Intelligence, NCFTA, Actionable Intelligence, Operation Endgame, Cybercrime, Threat Actors, Collective Defense, MITRE ATT&CK, ISACs, Cybersecurity Research, Ransomware, Botnets