Monday, April 30, 2012

You should check us out now!

I didn't post over the weekend as I normally would. Our next fusion report is going to hit sometime this week -- a little off our pace of one per week. No problem. We're not pacing our reporting on the calendar; it's based on when we see something that we really think needs to be looked at deeper and would hold value to the members. So look for an announcement for our next report sometime this week.

In the meantime, there are several of you that I'd reached out to earlier in the year when we were kicking off. I explained the benefits of a collaborative analytic operation; talked of massive upside for your companies; the ability to obtain protections before the attacks occur in your industry; low false positive rates on indicators... the list goes on. And do you know what's happened since going live on February 11th of this year? I believe we've proven our point:
  • Our very first fusion report detailed APT activity -- from a simple request for malware analysis.
  • Our second and third discussed details of two different groups believed responsible for APT activities targeting two different industry segments. Had report three been received by the victim two years earlier, when the other sector was being attacked, they would have been protected. Unfortunately, they hadn't. They will next time.
  • Our last fusion report assisted an external non-member group and added a non-technical "Threat Activity Report" to the mix showing not only how the attacks occurred, but potentially what the group was looking for.  Need to show your management what the threat is without all of the technical jargon? This is the report for you. It's two pages long, high level, non-technical, and clearly shows areas this APT group is targeting.
All in all, we've come a LONG way since February 11th. The portal is up and operating nicely. We still have features we'd like to add (and we will), but a bunch of companies are talking, and we're now tracking on about 165 threads, have published seven new reports and farmed, collaborated on, and published over 200 indicators of APT compromise (or early warning indicators if you haven't seen them yet!). We've built out our 'three pillars' of analysis - discrete (malware, pcap, etc.), all-source technical fusion, and non-technical all-source intelligence analysis... and the results are amazing.

So, my invitation to you: if I talked with you earlier, but you were afraid of jumping into a new company, well, I'd invite you to have a look now while we're still filling Founding level memberships.

If you'd like to re-look Red Sky, contact me at jstutzman@redskyalliance.org today.

Jeff