Study: Automated Info Sharing Improves Threat Response Time

Automated threat intelligence sharing can significantly reduce the amount of time it takes organizations to identify, assess and react to attacks, according to new research from Johns Hopkins Applied Physics Lab Research.

John Hopkins' researchers found that organizations that used automated information sharing reduced their threat-response time by 98 percent, says Mark Clancy, CEO of Soltra, an automated information sharing platform developed by the Depository Trust & Clearing Corp., which provides clearing and settlement services to U.S. banks, and the Financial Services Information Sharing and Analysis Center.

"Johns Hopkins Applied Physics Lab Research, in doing some work for DHS [Department of Homeland Security] and NSA [National Security Agency], looked at what a manual implementation would like from awareness, decision, action, and what automation would look like," Clancy tells Information Security Media Group in an interview at RSA Conference 2016. "The punchline of that research study was that they looked at four organizations and found that their best case performance manually was 10 minutes from awareness to decision, and 45 minutes from decision to action. Their worst case was 11 hours from awareness to decision, and 45 minutes to act. They implemented automation, including Soltra and some other tools, and their worst case performance went to 10 minutes from awareness to decision, and 60 seconds from decision to action. Their best case performance was under a minute from awareness to decision, and under 30 seconds from decision to action."

A big challenge, however, is 'how do you act on this stuff?'" Clancy acknowledges. "And if you look at the process, you need to become aware of it, you need to make a decision on what to do and then you need to complete an action to address it. And the way that you make the decision is to have context on the threat."

During this interview (see audio link below photo), Clancy also discusses:

The various industries that are using automated information sharing provided by Soltra; How an updated release of STIX, the Structured Threat Information eXpression, will impact the Soltra platform; and How the DHS's Automated Indicator Sharing System is being used to enhance cross-industry threat intelligence sharing.

Before taking the helm at Soltra, Clancy served as CISO at DTCC. He also serves as a vice chairman of the FS-ISAC's board of directors and as a member of he Financial Services Sector Coordinating Council's executive committee. Before joining DTCC in 2009, Clancy was executive vice president of IT risk at Citigroup.