Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives

In the last couple of years, organizations have demonstrated an increased willingness to exchange information and knowledge regarding vulnerabilities, threats, incidents and mitigation strategies in order to collectively protect against today’s sophisticated cyberattacks. As a reaction to this trend, software vendors started to create offerings that facilitate this exchange and appear under the umbrella term “Threat Intelligence Sharing Platforms”. To what extent these platforms provide the needed means for exchange and information sharing remains unclear, as they lack a common definition, innovation in this area is mostly driven by vendors, and empirical research is rare. To close this gap, we examine the state-of-the-art software vendor landscape of these platforms, identify gaps and present arising research perspectives. To this end, we conducted a systematic study of 22 threat intelligence sharing platforms and compared them. We derived eight key findings and discuss how existing gaps should be addressed by future research.
