Threat Intelligence: Why Sharing Is Difficult

) • July 9, 2019     10 Minutes   

Cyber adversaries are resilient and move quickly, so it's critical that organizations share real-time threat intelligence in an automated way, says Shawn Henry of CrowdStrike Services, former assistant executive director at the FBI.

But there's still a lack of trust among organizations that has held back sharing. Henry says trust can be fostered if organizations understand what data needs to be shared, how it will be used and what organizations can expect to get back in return, whether it be IP addresses, indicators of compromise or malware hashes.

"Oftentimes I hear the phrase 'We need to have better information sharing' or 'We need to have a better public-private partnership,' but there often aren't parameters built around that," Henry says in an interview with Information Security Media Group.

That threat intelligence also needs to go to agencies that can take action against adversaries, he says.

In this interview (see audio link below photo), Henry also discusses:

Why phishing remains one of the most prevalent attack vectors; Why wiper attacks - which use malware to disable computers - are an ever-growing threat; How to mitigate the risks that come from supply chains by vetting vendors and using contractual clauses to gain visibility.

Henry is president and chief security officer at CrowdStrike Services. He's a 24-year veteran of the FBI and retired in 2012 as an assistant executive director. At the FBI, he was instrumental in developing the agency's computer crime and cybersecurity investigation capabilities, tackling denial-of-service attacks, corporate data breaches and state-sponsored intrusions.