The best collaboration that has happened thus far in security operations has been the ISAC. However, participants will agree that it has degenerated into a mailing list of noisy IOCs sent to thousands of recipients, with no clear instructions on how to detect and mitigate. This is not materially useful.
Enterprise SOC collaboration must evolve significantly: what is shared must contain implementation-ready instructions and code, with enriching analytics to provide context and guidance, and it must be easy to use, with targeted sharing amongst trusted groups. The most common questions we get from CISOs who are willing to share detection logic are:
- What are we sharing?
- With whom are we sharing?
- How are we sharing?
The platform that provides simple, usable and elegant answers (and actually implements them!) will win.