ThreatConnect for the Cyber Threat Response Organization

A Cyber Threat Response Organization consisting of public and private sector members chose ThreatConnect’s Information Sharing and Analysis Organization (ISAO) and Information Sharing and Analysis Center (ISAC) edition to facilitate the sharing of important cyber threat information amongst its membership.

About the Organization. The Organization was designed to bring together Chief Information Officers, Chief Information Security Officers and their threat analysis teams, from public sector and small to large private
sector organizations located in the same U.S. state, to effectively analyze critical, real-time intelligence and respond to emerging cyber threats. The goal was to give cross-industry group members the opportunity to better protect their assets, state critical infrastructure, and key resources from across the state.

The Problem: No Way to Safely Collect and Share Cyber Threat Information. The Cyber Threat Response Organization set out to find a solution to share important threat data with its membership. Due to the complexity and confidential nature of cyber threats, the Organization established a list of requirements that needed to be met prior to service selection.

• Private member collaboration environment
• Anonymous member information sharing
• Document and threat indicator storage
• Membership growth scalability
• Support from a leading Threat
• Intelligence Research Team
• User-level access control
• Advanced analytics
• Community notifications
• API access to community intelligence to develop
• Automated actions

• Access to other threat intelligence communities

The Threat Response Organization chose the ThreatConnect ISAO edition on account of its ability to meet or exceed their criteria. The Organization assigned a staff member to develop, maintain, and lead recruiting for the ThreatConnect ISAC/ISAO group. Due to the confidential nature of some cyber threats, members are asked to accept a code of conduct, and be members of the FBI’s InfraGard Program. By carefully vetting members and asking them to agree to minimum standards to participate, the Organization ensured the membership would only consist of high-quality participants with vested interest in the state’s public and private sector business community.

---

How ThreatConnect Solved the Problem

ThreatConnect’s ISAO/ISAC edition allowed the Cyber Threat Response Organization to provide a single Threat Intelligence Platform (TIP) for their membership to aggregate their threat data, analyze a complex set of indicators, and take corrective action against their adversaries. Members are able to maximize the value of their existing adversary knowledge. Using the various monitoring and alerting features for domain names, and Whois Registrations, members are able to automatically track and be alerted to new adversary actions, rather than having to manually search for them. Once alerted, the member has the ability to act on the community-based intelligence into their network defense products.

Main Benefits of ThreatConnect

ThreatConnect allows the community members to pool their threat intelligence and their resources. Community members are seeing an improvement in the protection of their assets, key resources, and state critical infrastructure. ThreatConnect provided the ability to focus on bringing in intelligence that mattered to their state from multiple sources; automated tracking of adversary infrastructure, allowed contributions from their state community peers, and research contributed by ThreatConnect. This has allowed the membership to take a proactive stance against different adversaries; now having broad detection in place before they were targeted.