The Australian Cyber Security Centre has provisionally shortlisted half a dozen potential platforms that could make it easier to exchange threat intelligence with its partners.
The ACSC late last month contacted six vendors that provide cyber threat intelligence platforms, inviting them to participate in a formal request for information process. Those vendors were identified after a market scan, but the centre has indicated it is open to rolling out other solutions — although its preference, documents released by the ACSC state, is for a commercial off-the-shelf (COTS) product.
The centre said it plans to invest in a platform that allows it to monitor threat intelligence from local and global sources, including CERTs.
“The solution will enable ACSC Partners to automatically receive threat intelligence, consisting of context-rich, actionable and timely information in a variety of formats, including advisories and automated indicator sharing,” a document issued by the ACSC states.
During the process, the centre assessed 10 platforms. The ACSC has provisionally assessed Anomali’s Threat Stream, Eclectic IQ, ThreatConnect’s TC Complete, NC4’s Soltra Edge, ThreatQuotient’s ThreatQ and TruSTAR’s Threat Intelligence as likely to meet its needs. The other platforms considered were IBM’s Qradar, FireEye, New Context, and ScoutPrime from Looking Glass.
In addition to supporting threat hunting and detection and the ingestion of intelligence from multiple sources (including industry, commercial and open source), the ACSC assessed a range capabilities that included support for incident management and IT orchestration, ability to share in TAXII and STIX formats, community management and direction, and support for MISP.
Improving the sharing of information security threats is a key pillar of Australia’s national cyber security strategy, launched in 2016.
“To better detect, deter and respond to malicious cyber activities, cyber threat information should be shared in real time between and within Australia’s public and private sectors,” the document said. As part of that emphasis on disseminating threat intelligence, the government launched a number of Joint Cyber Security Centres.
A request for tender will follow the ACSC’s information gathering exercise, with security vendors invited to respond to the RFI by 25 February.
Scammers seek to bypass MFA
The ACSC late last week issued warning about a phone scam seeking to obtain multifactor authentication credentials. The centre said that it was aware of a scam where the caller impersonates a member of an ICT service desk. The scam had targeted staff members of a “critical infrastructure organisation,” the ACSC said.
Last month, some Victorian government employees were warned about what was believed to be a phone-based social engineering campaign targeting the state’s public sector. A number of calls to public servants were made, possibly as a precursor to a phishing campaign designed to collect employee credentials.