Over the last few months, we’ve talked about the increasing importance of threat intelligence (TI) and intelligence sharing, both now critical requirements of cybersecurity operations. TI comes from many sources: commercial, open source, industry, and government. In this blog, we are going to focus on industry-specific TI that is available from Information Sharing and Analysis Centers (ISACs). ISAC threat feeds provide valuable, industry-specific TI, but as with TI in general, the ability to operationalize it is key to maximizing value.
A Look at the ISACs
According to the National Council of ISACs (NCI):
“ISACs are trusted entities established by critical infrastructure owners and operators to foster information sharing and best practices about physical and cyber threats and mitigation. Typically, nonprofit organizations, ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.”
“Most ISACs have 24/7 threat warning and incident reporting capabilities and may also set the threat level for their sectors. And many ISACs have a track record of responding to and sharing actionable and relevant information more quickly than government partners.”
Below is a list of current NCI Member ISACs.
ISACs are gaining significant traction. For example:
- The Financial Services ISAC (FS-ISAC) has over 7,000 global members including banks, asset managers, broker dealers, insurance companies, etc.
- The Retail Cyber Intelligence Sharing Center (R-CISC) has members representing over $1 trillion in annual revenue.
ISAC Threat Feeds Provide Valuable Industry-Specific TI
While cybersecurity is a horizontal problem affecting all companies across all industries, there is an important vertical element to the problem, with threat actors often conducting targeted attacks on specific industries. This makes having situational awareness and intelligence about cyber activity and threats in your industry critical. ISACs provide the primary forum for the exchange of industry-specific cyber threat information. One of the cool benefits ISACs provide is industry-specific TI feeds that can be accessed manually or in an automated way.
Operationalizing ISAC Threat Feeds is Critical
As with TI in general, industry-specific TI can provide valuable context. However, it’s what you do with it that’s important. It’s about operationalizing TI so that you can use it to protect your business in an effective and efficient manner.
Operationalizing ISAC TI is one of the key use cases we are seeing from customers deploying our PoliWall® Threat Intelligence Gateway. Customers are using PoliWall to automate their consumption of ISAC TI and, importantly, to use that TI to prevent, detect, and respond to threats.
ISAC TI feeds are easily integrated into PoliWall and are automatically updated, eliminating the manual burden of consuming ISAC TI. Threat indicators from ISAC threat feeds can also be combined with indicators from other TI sources, providing more context about potential threat actor activity.
Now comes the fun part! Doing something with the ISAC TI!
Here, we see two main use cases.
The first is threat prevention through policy-based blocking based on threat indicators from ISAC and other TI feeds.
The second use case is increasing visibility into potential threat actor activity by filtering network traffic against indicators from ISAC and other TI feeds. This use case is geared towards enhancing detection and security monitoring efforts, with information from PoliWall adding valuable context to a broader picture. In this use case, customers often integrate information from PoliWall into their SIEM systems. This integration tends to be bi-directional, as customers also look to leverage PoliWall as an enforcement mechanism to enable automated threat response.
ISAC threat feeds provide critical intelligence about cyber threat activity in specific industries. But as with TI in general, the key to gaining value from ISAC TI is doing something with it. Customers are using PoliWall TIG as a mechanism to gain value from ISAC and broader TI feeds by using the TI to prevent, detect, and respond to threats and unwanted traffic entering and exiting their networks. To see how easy it is to operate PoliWall TIG, check out this video.