Insight By Anomali

Breaking down the barriers to improve cyber threat information sharing

“The government doesn’t have a monopoly on threat intelligence in this space.” That’s what Tonya Uggoretz, the director of the cyber threat intelligence...

“The government doesn’t have a monopoly on threat intelligence in this space.” That’s what Tonya Uggoretz, the director of the cyber threat intelligence integration center, said quite profoundly back in April.

By no means should that comment shock anyone who pays attention to the constant and ever-changing threat to public and private sector systems, networks and data.

But what Uggoretz’s comments did do is hit the nail right on the head when it comes to this constant push and pull between government and industry to share what they know, when they know it and how to fix it in a trusted and secure way.

Over the years we’ve seen a host of pilot programs and attempts to ensure there is no monopoly. From Homeland Security Department’s Automated Indicator Sharing (AIS) program to the Defense Department’s DIBNET-S, which is a classified network for defense contractors to receive intelligence on threats to their companies, and the just recently announced National Risk Management Center from DHS, which aims to help break down some of the communication barriers that exist between the government and sectors when it comes to sharing cybersecurity threats, these and so many other approaches still haven’t helped agencies and industry finally break free from the culture and technical challenges they face with cyber threat information sharing.


Utilizing Threat Intelligence in Cyber Posture

The scale of the problem is incredible. I’ve been at Anomoli for about four years and when I first started here it was 200,00 or 300,000 indictors. Year two it was 2-to-3 million. Now it’s over 100 million indicators that everyone has access to on our platform.


Volume and Data Issues

We know that meant…key players dropped in the next couple of dozen patches that you need to put on right now. We know Patch Tuesday is preceded by Adversary Scan Wednesday. We know the adversary is already actively looking so our job is to look for any of those now known vulnerabilities for the systems we have, how fast we can patch and share what the adversary is focused on.”


AI and Machine Learning

Quality, context and speed are the three things we need to continue to focus on [around cyber threat intelligence]. We need to set the standards, we need to set the mechanism, and we need to not just focus on that after we have an attack or incident, but we need to make sure we actually lay that path ahead.

Listen to the full show:

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Resource Center

    Cybersecurity Challenges for State and Local Governments

    Read more

    What is a Threat Intelligence Platform?

    Read more

    Turkish Hacktivists Respond to US Sanctions: Anomali Labs Cyber Threat Brief

    Read more

    Email Spoofing a Threat to the 2018 US Midterm Elections

    Read more

    People’s Republic of China (PRC) Cybersecurity Profile

    Read more

    Iran Cybersecurity Profile from Anomali Labs

    Read more

    North Korea Cybersecurity Profile

    Read more

    WhitePaper Russian Federation Cybersecurity Profile

    Read more

    SANS 2018 Cyber Threat Intelligence (CTI) Survey

    Read more

Panel of experts

  • Melinda Rogers

    Deputy Chief Information Officer, Department of Justice

  • Col. Paul Craft

    Director of Operations, Joint Forces Headquarters, Department of Defense Information Networks (JFHQ-DoDIN)

  • Brian Murphy

    Principal Deputy Under Secretary, Office of Intelligence and Analysis, Department of Homeland Security

  • Scott Algeier

    Executive Director, Information Technology – Information Sharing and Analysis Center (IT-ISAC)

  • Trish Cagliostro

    Director, Federal Solution Architects, Anomali

  • Jason Miller

    Executive Editor,