"Who in the room can actually implement indicators, even if you have them?"
No hands went up. Not one.
When I think back six or seven years ago, I was probably the first (and loudest) in the room, vowing never to give information away that might implicate the company I was working for at the time. We had tough attorneys and a CISO who made us all sign non-disclosure agreements. Everything about the activities we'd been fighting were kept in strict confidence, and on a need to know basis. Today, some of the biggest companies in the world share information about how they're being attacked, what they find, and how they fight it. In addition to Red Sky, others are sharing in their own circles -DSIE (defense companies have their own group), the Information Sharing and Analysis Centers have become popular again, and the government has no less than a dozen outreach programs to private industry (although they seem to have a rough time sharing between themselves!). Red Sky does things a little differently than the others, but still, information is moving. It's a great sign that things are getting better.
I'll close with this. I'm an old Navy guy, and I use the analogy "We're learning to fight submarines (in cyber space)." We lost a lot of ships to German U-boats during World War I. It resulted in the US Navy creating the 10th Fleet -- folks dedicated to creating our anti submarine warfare. The result? By World War II we not only could detect and kill enemy subs, but we had our own. Know what the Navy calls their cyber guys today? 10th Fleet.
It's getting better.
Until next week,
Have a great week!