DOI: 10.1145/3600160.3600185
Short paper, open access

An Exploratory Study on the Use of Threat Intelligence Sharing Platforms in Germany, Austria and Switzerland

Published: 29 August 2023

Abstract

Threat intelligence sharing is a promising solution to enhance knowledge and situational awareness of the rapidly growing number of emerging cyber threats. Accordingly, there are a variety of platforms on the security solutions market that enable the efficient and targeted exchange of threat intelligence across organisations. Unfortunately, very little is known so far about the dissemination and use of these platforms from the end-user perspective. To address this issue, we conducted an exploratory study on the use of threat intelligence sharing platforms in Germany, Austria and Switzerland. For this purpose, we surveyed 69 security and IT experts from large companies, federal authorities and public universities in autumn 2022. Our findings show, among other things, a growing interest in threat intelligence sharing platforms and their value to information security processes.

Published In

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
August 2023
1440 pages
ISBN: 9798400707728
DOI: 10.1145/3600160
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Dissemination
  2. End-User Perspective
  3. Platforms
  4. Survey
  5. Threat Intelligence
  6. Use

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

ARES 2023

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 555
  • Downloads (Last 12 months): 498
  • Downloads (Last 6 weeks): 59

Reflects downloads up to 19 Nov 2024
