Organizations—especially large companies—often don’t learn about an intrusion or breach of their systems until an external party like a security researcher, law enforcement agency or business partner alerts them to it. The expanding range of attack methods, the growing use of open-source components, and the adoption of cloud services have significantly enlarged the attack surface at many organizations and made it harder for security teams to discover breaches on their own. SolarWinds, for example, did not know that intruders had broken into its systems and distributed malware via its software until security vendor FireEye informed the company about a breach.
SolarWinds is one of many organizations where a breach remained undetected for months because no one spotted it internally. As a result, processes for receiving and responding to inbound security intelligence—whether it’s a breach notification or information about a new significant threat—from external parties have become increasingly crucial in recent years.
“Anyone who creates products or services that have a cyber element to them should have an intake process so that external entities can report potential issues that could have an impact on their product or services,” says John Hellickson, CxO adviser, cyber strategy at Coalfire.
Here, according to him and others, are six tips for effectively implementing such a capability: