Gartner Research

Information Sharing as an Industry Imperative to Improve Security

Published: 17 June 2013

ID: G00249704

Analyst(s): Daniel Blum, Anton Chuvakin

Summary

Collaborative defense is becoming much-needed in information security, and broader security data sharing is at its core due to the proliferation of advanced threats. This document assesses the current state of data sharing and provides recommendations for enterprises and vendors.

Table Of Contents

Summary of Findings

Analysis

  • Scope
  • Goals for Sharing
  • Exchanging Threat, Incident and Vulnerability Information
    • Different Data, Different Sensitivities
    • Context Is Important
  • The Circles of Sharing
    • Sharing Relationships
  • Sharing Arrangements
    • Grouping of Participants
    • Control of Information
    • Interchange Methods
    • Standards and Protocols
    • Usage of Information
  • Challenges and Concerns
    • Trust: One of the Challenges
    • Other Challenges to Sharing
  • Industry Trends
    • Legislative and Policy Initiatives to Promote Sharing
    • Market Trends and Communities That Enable Sharing
    • Industry-Level Communities
  • Future Developments
    • Automating Information Exchange
    • Enriching Threat Data Context — and the Data Itself
    • Raising the Level From Threat Indicators to Threat Analytics
    • The Government Role in Information Sharing
    • Building Security Data Sharing Into Products
  • Strengths and Weaknesses
    • Strengths
    • Weaknesses
  • Sharing Is a Participatory Sport
  • Know What Is Out-of-Bounds
  • Share Wisely
  • Involve the Legal Department — When Possible
  • Receive Effectively
  • Balance Personal and Organizational Aspects
  • Motivate Security Vendors and Providers to Embrace Shared Defense Models
  • Use Standards Whenever Possible
  • Use Shared Data to Speed Up Detection and Response
  • If Needed, Establish a New Threat Assessment Function
  • Open Many Channels to Share Security Data With Individuals, Partners and Peers

The Details

  • Measure and Test Sharing
  • Specific Types of Frequently Exchanged Information
    • Technical Security Indicators
    • Nontechnical Security Indicators
    • Incident Data

Recommended Reading

Notes

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.