Security teams use threat intelligence as a critical input to their security response process. To best understand the depth of a potential problem, analysts will use threat intelligence as part of their threat investigation process. It can also be used to proactively stop a potential attack, but mass market threat intelligence is typically not specific enough or timely enough to help a security team proactively stop an incident before it happens.
How do you get fast, precise information in other aspects of your life? It’s through sharing. Information from your networks – whether shared personally or more broadly over social media – helps you get smarter, fast.
Why can’t we do the same for corporate security? Analysts actually do share information with each other but it’s done informally and on a one-on-one basis. And when an organization is under attack, it’s very difficult to share information with anyone without exposing that your organization is fighting an active threat.
Today, ServiceNow announced Trusted Security Circles, a new application built into Security Operations which allows organizations to share and receive hyper-relevant threat intelligence in near real-time. Organizations control every aspect of what they share, who they share with and most importantly, they can be fully anonymous when they share.
This allows other organizations to be forewarned of upcoming attacks and the necessary information to prevent them from reaching their organization. When an organization receives the anonymously shared threat intelligence, a search is automatically performed to see if any indicators of the attack are present in their infrastructure. And depending on the results of the search, a security incident can be automatically created in Security Operations. Then workflows, automation and orchestration can take over to proactively block the upcoming attack. And they may choose to share this threat intelligence information and their findings with their trusted security circles.
The recipient of the anonymous threat intelligence is now protected from the threat and the sender of the information is able to make their community safer without exposing that they were under attack.
Trusted Security Circles is coming in July 2017 with the Jakarta release of Security Operations. To learn more, please contact your ServiceNow sales representative.