True Abuse Situation Awareness through Critical Infrastructure Sector Augmentation
A national CSIRT customer of ours had been working with us to systematically define the network owners in their country. As part of this systematic work to assign critical infrastructure sectors to their stakeholders, they are able to see how abuse affects their critical infrastructure -- in real time. Recently, they had a large abuse campaign within their nation, and various CSIRT teams were pooling their resources to mitigate the abuse. At first, a number of experts were debating which critical infrastructure sectors were actually affected by this campaign. Our customer, however, was able to produce a factual real-time situation picture of the campaign, since they could automatically discern the CI sectors and organizations involved.
Lesson learned: Systematic stakeholder definition and the resulting automated enrichment of meta information help gain true situation awareness over an abuse topic.
International Real-time Sharing of Unclassified Indicators of Compromise, IOC
International automated data sharing on cyber criminality has been talked about since the 1990s. Numerous initiatives have been set up for this purpose, yet they never seem to get further than defining a data sharing format. With the help of AbuseSA and our public data harmonization ontology, a number of our customers are sharing CERTISP unclassified indicators of compromise (IOCs) automatically, internationally and in real time. For example, NCSC-FI and CERT-UK currently use AbuseSA to share information.
Lesson learned: Real-time automated data sharing is possible with the help of AbuseSA and its generic data harmonization ontology.