It’s been a busy week. Fusion Report 10 was published late last week
and Fusion Report 11 on Monday night this week. Fusion Report 11 was
identified as a high-confidence, tightly targeted attack against a tech company
that joined just two weeks ago. What timing!
We’ve got a lot of things going on.
· We’re preparing to host our second quarterly face-to-face ‘Threat Day’. This one will be hosted at the end of the month at a member site outside of Philadelphia. Cocktails the night before will be at the Union League. It’s a great place for happy hour, and we’re looking forward to getting together with our members!
· We’re working through integration of our Norman MAG2 Analyzer, and beginning the planning for our first big data node.
· I attended AT&T’s security conference this week. Great group of folks. Absolutely enjoyed the conference! Good to catch up with several folks that I hadn’t seen in a while.
Anyone who knows me knows how much I love metrics! Earlier this week I was
asked by a board member in another information sharing environment
what our participation looked like. At the time I answered off the cuff, but
after looking at our numbers this morning, here’s what I found out:
We kicked off (live) in mid-February of this year. At the
time, the portal was an empty shell…. No data. Since then we’ve worked hard to
sign up new trusted members, get communications moving, author fusion reports,
etc. In May we noted a nice uptick in member adoption. Today we host
approximately a dozen companies, and if I trust my math, 88% of our
participants authored three or more entries in May. It may not sound like a
lot, but let me tell you what that equates to since mid-February:
· Over 250 active threads with over 9000 page views and comments
· 11 Fusion Reports have been read or commented on 757 times by 43 people
· Since going live, our malware lab has received 42 submissions, received 1047 crowd-sourced comments by 44 users, and resulted in nine Fusion Reports.
· 1280 qualified indicators of targeted attacks pushed to the membership, with another several hundred spanning three years, submitted this week by a non-member.* We published the indicators, all of which are believed to be involved in targeted attacks against this company, but they're currently undergoing correlation and qualification.
* Interestingly enough, we’ve started receiving requests for
assistance from non-members: connections to others during incident response, non-members
interested in pushing targeted attack information through our members, and
requests for speakers. We’re happy to help.
Crowd sourcing analytics works. Collaboration works.
Until next time,
Jeff