Are you seeing changes in the quality or speed of threat intelligence from sources you relied on in previous years? Can you share how you are being impacted so far by the uncertainty around public-private partnerships for cyber information sharing?
We strive not to be dependent on a single source for threat intelligence, especially given the rapid changes brought about by advances in AI. The speed of change has increased significantly, so we are working to diversify our sources and create an efficient internal process. Traditional sources remain valid, but our focus is on broadening our approach to ensure we are not reliant on any one provider.
We receive excellent information through an ISAC, and I was initially concerned that instability in government institutions and funding might affect the openness of information sharing. However, we have not seen any negative impact; people continue to share information as openly as before, which is fortunate. My hope is that if funding for organizations like CISA were to end, any gaps in information sharing would be filled by other means, as this intelligence is crucial for us. The ISAC provides an invaluable early warning system, and the depth of insight we gain from competitors and others in the health sector is remarkable.
I am not seeing a disruption in the public-private space regarding threat intelligence. In fact, I am observing the opposite. Our company serves approximately 700 customers worldwide, and within the context of the supply chain, customers often look to us for threat intelligence relevant to their business. The pace of threat intelligence has accelerated significantly; it feels almost like drinking from a fire hose. The challenge lies in quickly distilling this information and making sense of it within our own environment and across the many environments we support. While it has not become an astronomical challenge yet, I suspect this is the reality we will continue to face, especially as vendors like Microsoft and Apple release new critical vulnerabilities month after month.
Unless from CTI platforms, I have often found that one must take threat intelligence analysis provided by vendors (no matter how reputable) to be biased, and that it should be consumed within the context of what the vendor believes to be in its best interests. The exceptions to this are the advisories published by national cyber defense agencies, like CISA (& FBI Cyber), CCSA, NCSC, ACSC, etc. They generally provide great detail and provide information on IOCs and MITRE ATT&CK mappings. We just need to hope that CISA continues to be funded by the Department of Homeland Security to guarantee this service continues.