Actions to start CTI sharing in your organization
Clear it with your manager
If your organization is new to CTI sharing, the first thing to do is to get the general manager approval. Being overconfident about your organization’s appetite to share network data (especially if the managers don’t understand the benefits) can be a costly, yet an avoidable mistake.
Start sharing a few data
Don’t start planning to share details on a data exfiltration event that currently has your organization in crisis mode. Instead, ask if it’s ok to share a few data, e.g. a range of IPs that have been brute forcing logins on the company website.
Share experience when you can’t share intelligence
It’s always useful for the community, if you do have any useful intelligence to share, it’s always possible to add value to the community by lending knowledge and experience.
Show the value of CTI sharing
Tie your participation in CTI communities to any metrics that enable you to demonstrate that your organization’s security posture has increased during that time. For example, show any time that participation in a CTI group has directly led to intelligence that helped decrease alerted events and helped your team get ahead of a new attack.
Look for the right CTI communities for your organization
There’s always a CTI community for everything your organization needs. Some communities are invite-only, and probably these hyper-niche groups can provide big value to your organization as you can get expert consulting from top minds in the field.
The more data you have
The more points you can correlate faster. Joining a CTI sharing community gives you access to data you’d never even know about abling better decision making when it comes to your defensive actions. More importantly, CTI sharing makes all organizations more secure and unites us under a common cause.
OneFirewall Alliance is able to consult and provide the needed experience in this field with developed software for CTI Sharing (we call it World Crime Feeds Agent). Speak to us