ISAC

An ISAC (Information Sharing and Analysis Center) is a non-profit organization that provides a central resource for gathering information on cyber threats to critical infrastructure and sharing it with its members.

The objective of an ISAC is to help organizations protect themselves and, at the same time, to raise the level of resilience and protection of their sectors against cyber threats.

Initiatives similar to ISACs exist in many EU Member States. For example, in France, we have “CSIRTs” (or sectoral ISACs), which are entities formed by companies operating in the same sector of activity.

These entities serve as a platform for sharing attack intelligence. All stakeholders can share incident information, including alerts on specific threats. This information is made available to all interested stakeholders. Through this process, member companies have the opportunity to join forces to better protect themselves against common risks. 

They can use the knowledge produced by the CSIRT or ISAC to make informed decisions about threats and to better detect campaigns that target their industries, business entities, or other institutions.

How does an ISAC work?

The main activities of an ISAC consist of: 

  • Sharing information on threats (including the most recent ones) and, above all, making analyses and actionable intelligence available to its members;
  • Sharing advice on cybersecurity best practices;
  • Developing new standards and technical guidelines to strengthen the intelligence cycle.

For their implementation, an executive or management committee is first set up. Its mission is to supervise the activities and provide the strategic orientations of the ISAC.

Then, a management platform such as a TIP (threat intelligence platform) is deployed. It is used to:

  • centralize all the information collected on cyber threats 
  • and share best practices in security measures.

What are the benefits and challenges of an ISAC?

Cyberattacks have become more frequent and sophisticated, presenting significant challenges for organizations to defend against capable threat actors. 

These actors include lone hackers, organized cyber gangs, and state-sponsored groups. They use different tactics, techniques and procedures (TTPs) to compromise systems, disrupt services, and steal sensitive information. Their attacks are mostly motivated by financial or other goals.

Because of the risks these threats pose and their scale, at SEKOIA.IO we believe it is increasingly important for organizations to share information about cyber threats within a community, especially since most organizations already produce this kind of internally shared cyber threat information as part of their security operations.

In France, this model for sharing information on cyber threats has already proven itself through sectoral CSIRTs. In a column published here, François Deurty, COO at SEKOIA.IO, explains that it is “in the interest of French companies to accelerate the sharing of information on cyber threats between them… Because cyberattacks are not often aimed at only one isolated player, and helping to protect its ecosystem is first and foremost about protecting its business.”

Additionally, exchanging cyber threat information within a sharing community allows organizations to leverage the collective knowledge, experience, and capabilities that each member brings.

Indeed, it can help organizations to:

How to deploy an ISAC?

To deploy an ISAC, six actions are necessary:

  1. Establish information sharing objectives in accordance with business processes and security policies;
  2. Identify existing internal sources of cyber threat information;
  3. Specify the scope of information sharing activities;
  4. Establish rules for sharing information;
  5. Encourage member companies or stakeholders to participate on an ongoing basis in information sharing efforts.

If you want to strengthen your knowledge on the subject, we invite you to discover how SEKOIA.IO TIP supports companies in accelerating their intelligence cycle (from discovery to intelligence sharing through sorting qualifications).

Further explanatory content is available at: CERT, SOC, IOC, CTI, XDR, EDR, SIEM. We provide SOC and MSSP teams with a turnkey operational security platform (SOC platform). Through our XDR platform, CTI tool and threat intelligence platform, we enable our users to neutralize cyber threats, regardless of the attack surface.

Other Terms

CERT (Computer Emergency Response Team)

The primary mission of a CERT is to contain computer security incidents, minimize their impact on the organization's operations and reputation, and facilitate post-crisis remediation and reconstruction.

CSIRT (Computer Security Incident Response Team)

A Computer Security Incident Response Team (CSIRT) is an operational security team that is responsible for responding to and managing computer security incidents within an organization.
