TL;DR: As cyber threats increase, companies will need the most relevant insight on cybersecurity to protect their infrastructure. IT-ISAC fosters collaboration within the IT industry to drive information sharing and contribute to the shared goal of improved cyber defense. Through its special interest groups and partnerships with industry associations, IT-ISAC targets unique security threats and helps industries develop tailored solutions. The ISAC continues to deliver timely threat intelligence and defensive mitigation through active collaboration among members, curated analytical reports, and detailed adversary attack playbooks that are accessible to its members and businesses of all sizes.
It’s no secret that two heads are better than one. Collaboration has the power to fuel breakthroughs, advance industry practices, and develop solutions one person can’t reach alone.
Collaboration plays a massive role in driving success and improving productivity in organizations and industries as a whole. In the case of the IT sector, a collaborative atmosphere is needed more than ever with the cyber workforce shortage and the lack of soft skills such as critical thinking within individual companies. Enterprises must work together to overcome roadblocks and find solutions to their problems.
IT-ISAC leverages collaboration and information sharing within the IT industry to help improve defense and cybersecurity strategies against cyber threat actors. As attackers form criminal organizations and learn from one another, defenders will have to unite to combat their attacks.
Through the IT-ISAC membership community, IT experts and companies can share industry-specific news and techniques to develop effective security policies. IT-ISAC uses several communication and brainstorming methods to gather relevant, up-to-date information to facilitate information-sharing.
“We have dedicated forums and channels within our secure collaboration space for the members to exchange what they’re seeing. We have weekly meetings with our members where we discuss attacks, techniques, how they’re being used, and where they’re being used,” said Scott Algeier, Executive Director at IT-ISAC.
Scott also told us attackers typically repeat their methods. So by understanding an attacker’s MO, IT and cybersecurity providers can deliver better defense. IT-ISAC’s information sharing leads the way when analyzing the nature of these attacks to help enterprises manage threats to their cloud and server infrastructure.
IT-ISAC Playbooks Help Users Track APT Actors
As new attacks and threats develop, IT companies will have to remain agile and knowledgeable to combat them. IT-ISAC supports this by collecting and reporting threat intelligence in documents called adversary attack playbooks. These documents serve as a proactive way to recognize threats and stay equipped against attacks.
“So the concept of the adversary attack playbook is that the better you understand your adversary, the better you can defend against them. So if you understand what we’ve learned about them, you can predict what they’re going to use next. So we’ve developed a series of these playbooks,” said Scott.
Although the IT-ISAC team built the initial playbooks, its members have helped populate them with specific details by contributing to the analysis and sharing indicators. Scott said members also have the ability to edit the playbooks.
IT-ISAC maintains the playbooks by updating them with new, relevant information and best practices. Scott told us the group has closely monitored the cyber attacks in the war between Ukraine and Russia to identify stories and write files on the nature of these attacks.
These playbooks especially help smaller companies with fewer IT resources to learn threat indicators and how threat actors operate. IT-ISAC provides detailed descriptions and summaries for companies to follow, including information on what the threat actor is doing and what type of data it is after. This way, companies can track threats and apply defensive measures for their cloud and infrastructure.
“Companies have a set of practices that are available in this playbook that they can deploy to stop these actors from getting their information. So even if you don’t have the capabilities or an APT hunting team, you can use these adversary attack playbooks to defend your networks,” said Scott.
Fostering Collaboration with Membership and Partnerships
Scott told us that IT-ISAC currently has more than 140 members. The center, however, continues to scale through partnerships instead of relying on additional membership. This way, it can better maintain quality control for its existing membership.
“We’re interested in growing our membership. We want more members to come and join us. But if you get too big, there’s a trust model. People won’t know who they’re sharing with anymore when a smaller group of people who they knew becomes this larger group of people who they don’t know,” said Scott.
IT-ISAC’s mission is to share its findings and threat intelligence with organizations within the IT sphere. To accomplish this mission, IT-ISAC partners with the information sharing organization, CompTIA, to reduce the time it takes to vet and onboard members. The CompTIA partnership helps the center reach and deliver value to more than 1,000 MSPs.
“Instead of going after each of these small, medium-sized businesses, we have a partnership with CompTIA. We’re providing threat intelligence services to their members. And they’re getting access to our analytic reports and curated information specific to managed security service providers,” said Scott.
Every industry has its specific operational technologies. So IT-ISAC runs special interest groups to address unique infrastructure threats and create tailored solutions for individual sectors.
“We have a special interest group for the food and agriculture and elections industries so they can talk about security concerns unique to their industry. But they also get the benefit of being IT-ISAC members where they get all the core IT,” said Scott.
IT-ISAC’s partnerships with industry associations and the formation of special interest groups allow it to attain a unique scaling capability that also helps drive optimized information sharing and security solutions.
Increasing Accessibility and Scalability Within Cybersecurity
IT-ISAC seeks to increase its accessibility by targeting the need for smaller trust groups. The center currently has special interest groups for several fields, including the elections, food and agriculture, security intelligence, insider threat, and physical security industries.
The IT-ISAC team just launched a special interest group for critical SaaS providers. Scott told us this group would be for the most critical providers of mission-essential services to critical infrastructure.
“In addition to sharing information, the special interest group also wants to work toward improving the collective security of service providers because they share common customers. And there’s a lot of interest in cloud security within the DHS, so they want to demonstrate that leadership,” said Scott.
Between a new, not yet announced, partnership and the Critical SaaS special interest group, IT-ISAC is also building out a cloud security program.
“This will give us the ability to provide more reporting and visibility and insight on not only attacks on the cloud but also more reporting on attacks that leverage the cloud. So they are not attacks necessarily on these companies, but they are attacks through the cloud to get into other companies,” said Scott.