Lead Image Photo by Ricardo Resende on Unsplash
Sharing threat information with MISP
Shared Protection
Cunning attackers often collaborate with others and share information about vulnerabilities. Companies, on the other hand, face hackers as lone warriors and all too often rely on traditional security technologies. But companies can also share IT security knowledge. One platform for sharing security information is the Malware Information Sharing Platform (MISP).
One important aspect of IT security is speed. The goal is to stay no more than one step behind the targeted attacker. Signatures for virus scanners, for instance, are delivered retroactively – after the malware appears. Users in other companies can benefit from the misfortune of the individual who was first hit by the malware when they receive the latest virus signatures from the antivirus product vendors.
The principle of sharing can extend to almost all threats to the IT infrastructure. The damage one individual suffers can help to protect other participants on a network if documentation is provided promptly and necessary information is exchanged regularly. This article shows how to set up an instance of the Threat Intelligence Sharing Platform MISP [1] and connect it to MISP instances run by administrators in other companies.
MISP is a work environment developed in Europe for the exchange of threat information. One interesting feature of MISP is the possibility of distributed use. You can run your own instance in your company and provide information for internal use so that your colleagues will be able to compare the information you report with their own reports of similar incidents.
You can also opt to share the information with external exchange partners. Your exchange partners can then share their own experiences with you in return. To be on the safe side, you can later set up a second instance and register the exchange partners as users. You then share with this additional internal instance only the reports that you can
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Diving into infrastructure security
How to deal with threat intelligence on the corporate network when the existing security tools are not effective. -
Forensic analysis with Autopsy and Sleuth Kit
Forensic admins can use the Autopsy digital forensics platform to perform an initial analysis of a failed system, looking for traces of a potential attack. -
Incident Analysis with The Hive and Cortex
Deployed together, The Hive platform and Cortex automation tool optimize the workflow for your incident response team. -
Red Hat Container Development Toolkit for container-based applications
Vagrant software makes it possible to set up a development environment quickly and efficiently. The Container Development Kit takes advantage of this feature to create a container-based environment built on Red Hat Enterprise Linux under Windows, Mac OS X, or Linux. -
Vagrant, Serf, Packer, and Consul create and manage development environments
Four open source tools – Vagrant, Serf, Packer, and Consul – facilitate a developer's work by each handling one specific task elegantly.