The Shared Threat Intelligence Platform from SIGS powered by Anomali
At last – a central platform, open to all security professionals, to share up-to-the-minute knowledge of threats to your organizations.
Threat intelligence is organized, analyzed and refined information about potential or current attacks that threaten an organization. Wouldn’t it be great to have access to this intelligence from your peers, and not have to start from scratch on everything?
The primary purpose of threat intelligence is helping organizations understand the risks of the most common and severe external threats, such as zero-day threats, advanced persistent threats (APTs) and exploits. Threat intelligence includes in-depth information about specific threats to help an organization protect itself from the types of attacks that could do it the most damage.
Switzerland’s government initiatives are largely focused on critical infrastructure (GovCERT.ch). This leaves all other organizations without access to essential cyber threat information.
We’ve also heard that there are several other initiatives – but always from smaller groups, and it is not easy to gain access. In addition, there is no available platform where the information sharing part really works.
SIGS has obtained a reduced version of the Anomali platform to set up one central point to collect as much information as possible. To benefit everyone, the SIGS ISAC is opening up cyber threat intelligence to all organizations, including smaller businesses that will now be able to access the right resources and data to help mitigate their cyber risk.
As a first stage, only open-source information is available. We are trying to get additional sponsorship from other vendors or interested parties to bring in more high-quality content as soon as possible. But it’s a community project and we need your support!
The most important part
To make the platform successful, we need companies that are willing to share their information on the platform, or that can provide additional IOC data from their infrastructure. Only if we are able to get additional content from members, especially shared information, can we really add value for all. So if you have already analyzed an attack and you share this information through the platform, the other members don’t have to do the same work and can save time – and as we all know, time is money.
The TRUST thing
We know that trust is one of the most important parts of such a project. But we also know that times have already changed, and will change further. There will be less time for personal get-togethers, and we are sure we have to learn to handle TRUST in electronic form as well.
On our platform the “e-Chatham House Rules” are a fundamental law. All parties have to confirm a Non-Disclosure Agreement (NDA) and an End User License Agreement (EULA). But to help extend the trust factor on a personal level, we offer the SOC Forum almost four times a year, in Zurich and also in Swiss Romande, as a chance to meet.