This is the fourth blog in our series covering the foundational elements that make up Neighborhood Keeper, how the information-sharing program fits into the broader context of Cyber Threat Intelligence (CTI), and how to operationalize this resource to augment network defense. So far, this series has focused on using the data within Neighborhood Keeper to empower analysts to better understand events within their network. While that remains a central use case, on a longer time horizon the same data can provide insights which are relevant for executive audiences more focused on resource planning and strategic considerations. This blog covers these more strategic use cases, some recent changes to Neighborhood Keeper to make these observations more accessible, and how to leverage these strategic insights with Neighborhood Keeper to engage with an executive audience.

Data-Driven Decisions

Neighborhood Keeper data, when correctly filtered and viewed over a longer time horizon, provides a strategic perspective on the threat landscape, as seen through the lens of the totality of Neighborhood Keeper participants. This unique visibility surfaces a class of information which can be incredibly helpful in lifting insights to deliver to an executive audience.

This can be as simple as a recurring quarterly round-up for leadership cataloging the types of threats and activities observed across the community contrasted with a specific participant environment. This information can provide additional context for any incidents triaged in the same time frame or to set the scene for covering interesting reporting identified by a CTI or security team which are deemed relevant to the target industry.

As another potential use case, the compilation of the most prevalent adversary-related detections or most common vulnerabilities across the Neighborhood Keeper corpus over the course of a year can empower executive decision makers with community-wide visibility and data to inform resourcing decisions. These trends provide useful insights to aid in assessing where an organization maintains robust defenses from adversary activity as observed in actual networks, as well as those areas which may benefit from additional investment in security, visibility, and logging.

Same Data, Different Context

Within the data held by any given tool, valuable insights for a variety of audiences, including those at varying levels of responsibility and technical depth, are often theoretically available. However, if that tool is specifically designed with the needs of a hands-on technical user in mind, rather than those of an executive audience, then those strategic insights may prove difficult to extract. This doesn’t make them or a broader view of the data less valuable, nor does it mean that a technical analyst tasked with preparing content for that same executive audience will be able to quickly extract the higher-level insights they seek.

With these challenges and competing imperatives in mind, Dragos has recently made several changes to the Neighborhood Keeper portal to make a strategic overview of community data more easily accessible and readily exportable. This new “Insights” view can be accessed from the menu in the top left corner of the Neighborhood Keeper main page.

Within this view, it is possible to generate reports based on different datasets, time windows, and intervals.

As well as filters which are analogous to those available on the home page.

There is also the ability to export the configured view as a graph in .jpeg or .pdf format, for ease of inclusion in presentations or documentation.

This is an innovative potential use case for Neighborhood Keeper in the context of CTI teams and security teams support to executive leadership. Neighborhood Keeper data, when filtered and visualized over a long enough timeframe, can provide unique insights into threats and vulnerabilities across the community at a strategic level.

The next blog in this series will look at use cases for Neighborhood Keeper data when considering the Vulnerability landscape. We’re excited to continue to provide Neighborhood Keeper participants additional approaches to maximize the benefits from participation in the program. If you’d like to catch up on the earlier posts in this series, we introduced Neighborhood Keeper in the Broader Context of threat intelligence, Trend Analysis with Neighborhood Keeper data, as well as Long Tail Analysis.