Cyber threat intelligence (CTI) sharing is a low barrier to entry, high return on investment method for improving an organization’s cybersecurity maturity. Sharing actionable threat intelligence—to include known-bad IP addresses, URLs, and file hashes—with trusted partners creates a powerful defensive web that transforms one organization’s detection into protection for remaining partners.
In healthcare, CTI sharing benefits have not been fully realized. The technology has matured with the emergence of standards and supporting tools, and the timing is excellent for making demonstrable CTI sharing progress. This presentation will delve into the key tools and technologies that make CTI sharing possible; it will explain the Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) CTI sharing standards, describe current CTI sharing tools, and enumerate healthcare CTI sharing success stories and lessons learned.