INTELLIGENT ENTERPRISE SECURITY
The five critical challenges in threat intelligence sharing
Vincent Weafer, Vice President, McAfee Labs, outlines how security vendors and
organisations can incorporate valuable intelligence into their security operations.
Automated threat intelligence
sharing is not new but it is still
in its early years. During the past
several years, the industry has invested
in machine generation and machine
consumption of tactical threat data. Most
data consists of event logs and indicators
of compromise, such as file hashes,
suspicious URLs and IP addresses.
These indicators are very time
sensitive, and lose value almost
immediately. At the same time, the
volume and quality of this data create
new challenges. It is hard to identify
high-quality, actionable indicators among
the flood of information, making triage
difficult for security analysts.
Although the industry has built
tactical intelligence sharing capabilities,
especially among each company’s
own products, the industry still fails
at sharing high-level, contextually
rich intelligence, such as advanced
campaigns, at a meaningful level and
with other industry participants.
Five critical challenges face security
vendors and organisations that want to
incorporate this valuable intelligence into
their security operations. They are volume,
validation, quality, speed and correlation.
Issue 06
INTELLIGENT TECH CHANNELS