Threat Intel Collaboration Resources for the Embattled Cyber Defender


Introduction

In the interconnected world of today, it is very important to maintain a unified front against the many threats that defenders face on a daily basis. Efforts have been made to create methods for sharing threat intelligence and coordinating defense strategies. In this article I will provide a list of such resources.


National Council of ISACs (NCI)

The National Council of ISACs (NCI) is a group of industry-specific Information Sharing and Analysis Centers (ISACs) that collaborate with each other. Its goal is to facilitate the sharing of cyber and physical threat information between private and government sectors, and to coordinate incident response. At the time of this article’s publication, there are 28 ISACs.


CISA

The Cybersecurity & Infrastructure Security Agency (CISA) is a government group that provides valuable resources for critical sectors and also makes them free to the public. One of its offerings is a collection of information sharing programs.

Automated Indicator Sharing (AIS)
CISA provides a technical method for sharing indicators between public, private and governmental sectors. Organizations can sign up to share data directly with CISA at no cost using STIX/TAXII and PKI certs.

Joint Cyber Defense Collaborative (JCDC)
This is a voluntary partnership group that consists of federal agencies, private companies, critical infrastructure service providers, international organizations, and state, local, tribal and territorial governments. Its goals are to share threat intel, and develop coordinated defenses and responses.

Coordinated Vulnerability Disclosure (CVD) Process
This is an effort to coordinate the remediation and public disclosure of new vulnerabilities across industry sectors. The goal is to ensure that users and admins are informed of new vulnerabilities in a clear, timely, and simultaneous manner. Vulnerabilities should be reported through CISA’s Vulnerability Information and Coordination Environment (VINCE).

Joint Ransomware Task Force
This is an interagency organization focused on ransomware. Its primary goals are to share information, provide guidance, and conduct investigations. Its primary effort is #StopRansomware.


National Information Exchange Model (NIEM)

The National Information Exchange Model (NIEM) is an effort aimed at creating a common vocabulary to make the exchange of information more efficient across organizations and their disparate systems. In that way, it is system agnostic. The goal is to facilitate easier communication between incompatible platforms through the use of a reference model that defines agreed-upon terms, definitions, relationships and formats. It is available in XSD, Excel, UML and JSON formats, and is free to use.


Malware Information Sharing Platform (MISP) Project

The Malware Information Sharing Platform (MISP) is an open source system for sharing threat intelligence. According to the site, “The MISP Threat Sharing project consists of multiple initiatives, from software to facilitate threat analysis and sharing to freely usable structured Cyber Threat Information and Taxonomies.” It is home to many communities engaged in sharing and collaborating, and offers a centralized software solution for storing and tracking indicators.


Forum of Incident Response and Security Teams (FIRST)

The Forum of Incident Response and Security Teams (FIRST) is a long-standing global organization that promotes the coordination of incident response and sharing.


ThreatConnect

ThreatConnect is an AI-driven tool for threat intel sharing, analysis and response. Its primary offering is a paid program that claims to be “the industry’s only threat intelligence operations platform.” It also offers a free version of its Polarity platform.


LevelBlue Open Threat Exchange (OTX)

The LevelBlue Open Threat Exchange (OTX), formerly AlienVault OTX, is a free tool and community for sharing threat intelligence. Threat researchers and security professionals from all over the globe can submit, validate and discuss Indicators of Compromise (IoCs). It also offers a free endpoint scanner that will check a device against reported IoCs.


Resources

National Council of ISACs (NCI)
https://www.nationalisacs.org/

CISA Information Sharing Resources
https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing

Automated Indicator Sharing (AIS)
https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/automated-indicator-sharing-ais

AIS Fact Sheet
https://www.cisa.gov/resources-tools/resources/ais-fact-sheet

Joint Cyber Defense Collaborative (JCDC)
https://www.cisa.gov/topics/partnerships-and-collaboration/joint-cyber-defense-collaborative

Coordinated Vulnerability Disclosure (CVD) Process
https://www.cisa.gov/coordinated-vulnerability-disclosure-process

VINCE
https://kb.cert.org/vuls/vulcoordrequest

Joint Ransomware Task Force
https://www.cisa.gov/joint-ransomware-task-force

National Information Exchange Model (NIEM)
http://www.niem.gov/

Malware Information Sharing Platform
https://www.misp-project.org/

FIRST
https://www.first.org/

ThreatConnect
https://threatconnect.com/

LevelBlue Open Threat Exchange (OTX)
https://otx.alienvault.com/


Conclusion

When faced with an onslaught of adversaries, it is good to know that there is help out there for the embattled defender.

Today’s tea can help as well.


Daily Cuppa

Today’s refreshing cup of tea is Tulsi Masala Chai provided by Organic India. Organic, and fair trade. This morning I steeped it a little long until it was a deep rich red. Then I added cinnamon, cardamom, turmeric and ginger, for a gut friendly booster, and mixed it with a generous portion of oat milk, for a homemade super spicy, creamy chai latte.

