SIGS-ISAC

The Shared Threat Intelligence Platform from SIGS powered by Anomali

At last – a central platform, open to all security professionals, to share up-to-the-minute knowledge of threats to your organizations.

Threat intelligence is organized, analyzed and refined information about potential or current attacks that threaten an organization. Wouldn’t it be great to have access to this intelligence from your peers, and not have to start from scratch on everything?

The primary purpose of threat intelligence is to inform organizations on the most common and severe external threats, such as zero-day threats, advanced persistent threats (APTs) and exploits. Threat intelligence includes in-depth information about specific threats to help an organization protect itself from the types of attacks that could do them the most damage.

Initial position
Switzerland’s government initiatives are largely focused on critical infrastructure. This leaves all other organizations without access to essential cyber threat information.

Several other initiatives do exist, but are always restricted to smaller groups and are hard to gain access to. In addition, there is no available platform where the information sharing part really works.

Solution
SIGS got a reduced version of the Anomali platform for setting up one central point to collect as much information as possible. To benefit everyone, the SIGS ISAC is opening up cyber threat intelligence to all organizations, including smaller businesses that will now be able to access the right resources and data to help mitigate their cyber risk.

As a first stage, only open-source information is available. We are trying to get additional sponsorship from other vendors or interested parties, to bring in quality content as soon as possible. But it’s a community project, and we need your support as well!

The most important part
To make the platform successful, we need companies which are willing to share their information on the platform, or which can provide additional IOC data from their infrastructure. Only with additional content – especially information sharing – from members, can we really add value for all.

Think in a new way! If you have already analyzed an attack, and you share this information through the platform, the other members don’t have to do the same work and can save resources (which will be getting really hard to find) and time – and as we all know, time is money.

The TRUST thing
Trust is essential in this kind of project. In the past, trust was built through in-person meetings and gatherings. Nowadays, the lack of availability hinders this model, and forces us to adapt and adjust in order to learn how to handle trust over the internet.
On our platform, the “e-Chatham House Rules” are a fundamental law. All parties must confirm a Non-Disclosure Agreement (NDA) and an End User License Agreement (EULA). To help extend the trust factor on a personal level, we offer the SOC Forum almost four times a year in Zurich and also in Swiss Romande as a chance to meet.

More information?
If you are interested in this project, just register here or send us an email if you need further information. We would be happy to get in touch with you.

 

We will unite all security professionals across Switzerland in the fight against cybercrime and information security threats!