Threat Sharing

The Threat Sharing Community platform is an early warning system deployed across a network that provides inbox-level incident response and investigation capability, giving users maximum agility and reducing response time. Users have the ability to expand their threat intelligence reach by using their collective network knowledge, as well as reduce their costs and accelerate implementation of a response. Users can also preemptively initiate inbox investigations before suffering a malicious attack, which provides proactive protection. You can access the Threat Sharing module from the Dashboard > Threat Sharing.

6. FAQ

Q: Can I hide my identity when I post an incident to a community?

‌‌A: Yes. If you do not want to disclose your name and organization when posting an incident, you can select the anonymous option offered in the preview section.

Q: How do I launch an investigation to assess the threat at my company?

A: When you see an incident posted and shared by a fellow member of a community, you can easily begin an investigation to determine potential risk to your firm by selecting the Investigate option. You will be prompted to add the criteria, target users, duration, and other details to be used as part of the investigation.

For more information, go to How to Edit, Investigate, Share, or Delete an Incident.

‌Q: Is it possible to invite someone from a company that is not currently a client to join a community?

‌A:‌ No. Community membership is limited to employees of organizations that have registered to the platform. Once an organization has registered, all registered users of that organization are eligible to participate, if they choose to do so.

For more information about invitations, go to Invitations or Invite New Members.

Q: Where are shared incidents stored?

A: Shared incidents will be maintained in the database

Q: What is the reliability of shared posts/incidents?

A: A user must accept terms and conditions before a post will be accepted in order to ensure maximum reliability of the shared information.

‌Q: Are shared threats/incidents/posts human-verified?

A: No, they are not verified. However, threat sharing communities are peer-to-peer networks formed and built on trust. This can be used to verify the posts/incidents.

Q: Is there any limit to the number of posts that can shared in a community?

A: No. You can share as many as you want to.

Q: Is it possible to leave a community of which I am the owner? Can I transfer ownership?

A: Yes. The owner of a community may transfer ownership to another member of the group. Select the name of the member to become the new owner, click on the three dots next to their name, and you have the option to Assign as Owner.

If you do not wish to assign a new owner, you also have the option to delete the community, however, please all posts and the data of the community will be erased.

Q: What is the reliability of shared posts/incidents?

A: A user must accept terms and conditions before a post will be accepted in order to ensure the maximum reliability of the shared information.

7. Use Cases

Use Case: Keep details private when posting an incident to avoid exposing confidential information

The best solution would be to post anonymously. The poster’s profile details – including the name of the individual and that of the organization - are withheld. It is also possible to select the attributes of the incident that will be visible or hidden in the Header field or Body or Attachment to provide additional confidentiality.

Use Case: Limit membership to a community

When setting up a community, the owner has a high degree of control about who can access and view that community information. The public, private, and hidden types of community offer different levels of disclosure and participation. Only public communities have unrestricted membership.

The owner of a private or hidden community has administrator rights and controls membership.

The name of a private community is displayed on the Communities homepage; however, membership is restricted.

The search option on the Communities page allows you to locate established groups in industries or sectors most relevant to your interests. For example, a user who works in financial services can search for communities concerned with banking, brokerage, investment banking, or private equity and, if the privacy options allow, become a member of those communities. It is also possible to search for industries and sectors according to the privacy option.

The Treat Sharing page also suggests communities that may be of potential interest.

If there are no existing communities of interest to join, this is an opportunity to create a new community for members of an unrepresented industry or sector.

This could be a great way to establish a presence for your community and become a thought leader within your industry or sector.

Use Case: Searching for specific incidents in the threat sharing database

The Incidents section offers several ways to search for a particular incident to determine if it may have already impacted your organization. The keyword, company, and threat fields can be used to filter the results.

This can provide excellent insights into past, present, and future threats to an organization, as well as guidance for targeted awareness training and to address any vulnerabilities in information security systems and networks.

Use Case: Assessing the threat of an incident

Community members can see which incidents are and have been considered the most harmful. The most dangerous attributes are flagged in the post, and members can immediately access the specific details and take the appropriate action for their organization.

Use Case: Using invitations to grow a community and improve security posture

Invitations are an invaluable way to expand and enrich communities. A large community has greater resources and expanded ability to improve cyber resilience. The member organizations will be better prepared for attacks based on the knowledge shared by others in the community.

There is no limit to the number of invitations to a public community, and all members may invite a colleague to join. The owner of a hidden or private community serves as a gatekeeper to membership and is the ultimate decision-maker of how many invitations are issued and to whom.

Use Case: Ensuring and enhancing the value of a community for the owner and members

The best way to make a community successful is the proactiveness of the membership, and in particular, the community owner. The larger the community, the more useful and valuable it will be for everyone, but the integrity and caliber of the membership provides additional strength, trust, and reliability.

Use Case: Defining the purpose of a community

The intended vision and goals of a community are provided when it is created and serve as a guide to activities and membership.

Use Case: What action can community members take in response to a posted incident?

Users have a range of options to choose from in response to a posted incident according to their own organization’s cybersecurity protocols and incident response procedures. Valuable information is provided related to both actual and potential threats and may be used according to individual needs.

Use Case: The community has lost its way. How can it be saved?

Priorities always change in an organization, and the same is true in the threat sharing world of communities. If the owner of a community no longer feels that it is functional, relevant or the purpose no longer exists, then the community can be deleted, and all incidents reported and which members were part of it will be destroyed as well.

Last updated

Copyright © Keepnet Labs LTD. All rights reserved.