By giving, you will receive safety
Sharing is key to fast and effective detection of attacks. Quite often, similar organisations are targeted by the same Threat Actor, in the same or a different Campaign. MISP makes it easier for you to share with, and also to receive from, trusted partners and trust groups. Sharing also enables collaborative analysis and prevents you from repeating work that someone else has already done.
Implementing automatic synchronisation of your IOCs gives you a hassle-free, "always up to date" situation for your own security components in terms of detecting, alerting on and blocking known malicious activities.
With a framework like MISP at hand, you can decide very granularly what to share and what to receive.
The IT community is confronted with incidents of all kinds and nature, and new threats appear on a daily basis. Fighting these security incidents individually is almost impossible. Sharing information about threats among the community has become a key element in incident response to stay on top of the attackers. Reliable information resources that provide credible information are therefore essential to the IT community or, on a broader scale, to intelligence communities or fraud detection groups. This paper presents the Malware Information Sharing Platform (MISP) and threat sharing project, a trusted platform that allows the collection and sharing of important indicators of compromise (IoC) of targeted attacks, as well as threat information such as vulnerabilities or financial indicators used in fraud cases. The aim of MISP is to help in setting up preventive actions and countermeasures against targeted attacks, and to enable detection through collaborative knowledge sharing about existing malware and other threats.
Threat intelligence is of crucial importance to companies in their everyday struggle with complex threats. It allows businesses to keep up to date with the evolving landscape before technical threat descriptions become publicly available. This access to constantly updated information from expert sources and the very latest APT intelligence reports means that an effective and swift response can be taken to overcome potential threats, through improved visibility of criminal and cyberespionage tactics, techniques and procedures, available in human- and machine-readable formats such as indicators of compromise (IoC) and YARA rules.
The main motivations for IOC sharing are:
- My threat is your safety
- Faster access to actionable security information, often peer / industry relevant
- Causes the threat actors to change infrastructure more frequently
- Builds trust relationships between organizations
- Supports an Intelligence Driven security model
- Decide for yourself which information is eligible for sharing, and with whom
- Fight back against the massive power of malicious actors by concentrating your power with many others