Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Understanding The Challenges In Information Sharing

With the Ever-Changing Threat Landscape, Knowledge is Power.

With the Ever-Changing Threat Landscape, Knowledge is Power.

It is unlikely to surprise anyone that a successful information sharing program is an integral part of a mature security operations program. Simply put, the combined knowledge of many organizations is greater than the individual knowledge of just one.

Organizations that don’t already have an information sharing program in place are likely either building one, or planning to build one.

While everyone approaches the effort of information sharing with the best intentions, the results vary widely from organization to organization. Some organizations end up with wildly successful information sharing programs, while others struggle.

Understanding the challenges up front can help organizations learn from the mistakes of others and build a more successful information sharing program.

Information SharingVision: Before a successful information sharing program can be put in place, leadership within the security organization needs to embrace the concept. Further, leadership needs to outline and articulate a strong vision and a high level process for information sharing. This lends the information sharing program credibility within the organization and empowers security operations personnel to accomplish the information sharing goals set for them by leadership. If leadership does not understand the task at hand, it will be difficult for the remainder of the security operations team to make progress in the endeavor. It is difficult to build a program without understanding what one has set out to build.

People: Ultimately, it is people that build and leverage information sharing bridges and relationships. People who excel at information sharing tend to be highly analytical, have a good understanding of what information is of value and interest to others, build relationships well (both inter-organizational and interpersonal), and have good attention to detail. People with these qualities will fare better than others when assigned the information sharing responsibility.

It is important to consider these traits in order to assign the proper individuals to the information sharing challenge at hand. Working with the right people can mean a world of difference to an information sharing program, and quite literally.  The people who share information on your behalf represent you globally.

Technology: Information sharing is already a difficult enough challenge. The last thing an organization needs is to fight with its technology. Ensure that technology that facilitates, rather than fights, information sharing and the analysis that goes with it is deployed and in use. It may require a bit more of an investment than less-capable or less-usable technology, but a successful information sharing effort usually results in earlier detection and response to attacks This has the potential to save the organization millions of dollars in the long run.

Workflow: The bottom line is that, all else aside, if it is easy enough to share information, people will. Integrating information sharing processes into the operational workflow makes it easier to share information, which results in more efficient and effective information sharing. Additionally, new standards and technologies to automate information sharing should be evaluated as they become available and mature. Additional, tangential processes should be minimized or avoided altogether, as they tend to be overlooked or skipped. That obviously inhibits the desired information sharing behaviors.

Inertia: Inertia is an incredibly powerful force. It sometimes amazes me just how powerful it can be. For whatever reason, it is difficult for people and organizations to modify their behaviors and embrace something new, even something as important as information sharing. The will of the organization needs to be stronger than inertia. As far as I know, this is the only way to overcome this challenge. Where there is a will, there is a way. 

Legal/Privacy: This is often the elephant in the room. Legal and privacy concerns are often used, sometimes as a crutch, to explain why more information is not shared. There are certainly legitimate concerns and issues here, and I don’t mean to trivialize those. That being said, there are also concerns and issues that arise from misunderstandings and lack of communication.

Threat Information Sharing IssuesThe number of lawyers and privacy professionals that understand technology and, specifically, information security is unfortunately small. That being said, lawyers and privacy professionals are intelligent people. The onus is on us as security professionals to explain to them, in clear and concise language, what it is we would like to do and why it is important for the organization.  

Having explained information sharing to legal and privacy professionals in the past, I have learned that it is helpful to explain what is to be shared and then to explain how it is not privileged, private, or protected information. Further, a documented process should exist to both determine what is shareable, as well as what should be done in the event that something was shared that should not have been. Expect to go into detail here — the details are important.  Is it fun writing this process?  No way. But, it is necessary.

Street Cred: Sometimes, being remembered helps. People are most likely to share information with those people that are in their thoughts. And the people most likely to be in someone else’s thoughts are the people that have street credibility. Street cred comes from a variety of factors, but among them are professional reputation and the balance between giving and receiving. It is easy enough to receive, but don’t forget to give. Those who give the most, receive the most.

Information sharing is not easy, but then again, neither are most things worth doing. Information sharing involves the coordination of many details, and often incurs the challenges I’ve listed above and other. After all is said and done, organizations that share information effectively will be better able to defend themselves than those that do not. Collectively, we can know more than we can individually, and with the ever-changing threat landscape, knowledge is power.

RelatedCyber Attack Exercise Reveals Information Sharing Struggles

Related: Draft Cybersecurity Legislation on Information Sharing Circulates

Related: Threat Information Sharing – Fighting Fire With Fire

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently a Fraud Solutions Architect - EMEA and APCJ at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.