Saturday, June 09, 2012

Red Sky Alliance weekly wrap-up - Fusion Report 11 published


It’s been a busy week.  Fusion Report 10 was published late last week and Fusion Report 11 on Monday night this week. Fusion Report 11 was identified as a high-confidence, tightly targeted attack against a tech company that joined just two weeks ago. What timing!
We’ve got a lot of things going on.
·      We’re preparing to host our second quarterly face-to-face ‘Threat Day’. This one will be hosted at the end of the month at a member site outside of Philadelphia. Cocktails the night before will be at the Union League. It’s a great place for happy hour, and we’re looking forward to getting together with our members!
·      We’re working through integration of our Norman MAG2 Analyzer, and beginning the planning for our first big data node.
·      I attended AT&T’s security conference this week. Great group of folks. Absolutely enjoyed the conference! Good to catch up with several folks that I hadn’t seen in a while.
Anyone who knows me knows how much I love metrics! Earlier this week I was asked by a board member in another information sharing environment what our participation looked like. At the time I answered off the cuff, but after looking at our numbers this morning, here’s what I found out:
We kicked off (live) in mid-February of this year. At the time, the portal was an empty shell…. No data. Since then we’ve worked hard to sign up new trusted members, get communications moving, author fusion reports, etc. In May we noted a nice uptick in member adoption. Today we host approximately a dozen companies, and if I trust my math, 88% of our participants authored three or more entries in May. It may not sound like a lot, but let me tell you what that equates to since mid-February:
·      Over 250 active threads with over 9000 page views and comments
·      11 Fusion Reports have been read or commented on 757 times by 43 people
·      Since going live, our malware lab has received 42 submissions, received 1047 crowd-sourced comments from 44 users, and resulted in nine Fusion Reports.
·      1280 qualified indicators of targeted attacks pushed to the membership with another several hundred spanning three years, submitted this week by a non-member.* We published the indicators, all of which are believed to be involved in targeted attacks against this company, but they're currently undergoing correlation and qualification.
* Interestingly enough, we’ve started receiving requests for assistance from non-members: connections to others during incident response, non-members interested in pushing targeted attack information through our members, and requests for speakers. We’re happy to help.
Crowd sourcing analytics works. Collaboration works.
Until next time,
Jeff