“TruSTAR is an intuitive, centralized data repository. The TruSTAR team was able to demonstrate through preexisting relationships that the company already understood a lot of our situations as an ISAO and what we are trying to accomplish, and it was an easy partnership from that point on.”
— Brian Hinze, NCU-ISAO Vice President, Member Services and Operations
The National Credit Union Information Sharing and Analysis Organization (NCU-ISAO) was formed in 2016 to help the industry navigate the flooded waters of threat intelligence and alerts, and support credit union cyber resilience. NCU-ISAO has been using TruSTAR Intelligence Management technology, acquired by Splunk, since 2019.
We recently spoke with Brian Hinze, NCU-ISAO Vice President, Member Services and Operations, to learn more about why NCU-ISAO chose TruSTAR for intelligence management, and how member organizations are using TruSTAR for information sharing and collaboration.
How has NCU-ISAO evolved since its inception?
From a member standpoint, the availability of technology has helped evolve the organization and the consumption of cyber threat intelligence. Previously, deployments of advanced technologies were very expensive, and you would need a person or persons to manage information on a daily basis in order to administer it. Now, the accessibility through third-party managed service providers as well as the availability of advanced technologies like artificial intelligence and SIEMs have led to more advanced cyber resilience capability for credit unions of all sizes.
How did NCU-ISAO manage intelligence prior to implementing TruSTAR?
We were using a notable information sharing platform that was focused on some of those advanced large-scale deployments, and it was really designed around information sharing. The options for members were to either have some sort of advanced system that could consume TAXII only or they would have to manage spreadsheets. Our process consisted of correlating and collecting the data, trying to do our own manual enrichment and then compiling that information into standard spreadsheets. This meant that organizations had to automate with something like PowerShell or Python to consume it into a firewall, copy and paste the information manually, or they would have to have the ability to connect to the online platform that we were using.
What led NCU-ISAO to switch to TruSTAR for intelligence management?
We needed a platform that was more than just a data repository. We wanted to be able to pull information out, get additional insights on data, and make the information more accessible. Automation for information sharing was also a key consideration. TruSTAR is an intuitive, centralized data repository. The TruSTAR team was able to demonstrate through preexisting relationships that the company already understood a lot of our situations as an ISAO and what we are trying to accomplish, and it was an easy partnership from that point on.
What use cases does TruSTAR solve for NCU-ISAO?
While we did have our data repository, getting data in from multiple sources had to be simple. We collect information not only from our members, which can come in a few different shapes and sizes, but also we collect information from private sector partnerships as well as formalized government partnerships. And pulling that information, it comes in a lot of different formats. TruSTAR streamlines operations; it quickly ingests information from multiple sources and parses it out into actionable information.
Additionally, our members use a variety of tools. Some have third-party managed security service providers that can consume information on their behalf, some have tools that consume a TAXII feed, and others use SIEM tools and want to consume intelligence via API. Integrations are a prominent feature of the TruSTAR community platform, and they make it easy to consume information in different formats, then correlate and standardize it as an output. TruSTAR integrates with many of the tools our members use, and the platform also integrates with various intelligence sources that we use such as the U.S. Department of Homeland Security Cyber Information Sharing and Collaboration Program (CISCP) and MISP.
Internally, the NCU-ISAO team uses TruSTAR to export data to our managed security service provider. They take the data out of TruSTAR and pull it into their communities, which helps protect our networks and NCU-ISAO members.
Can you speak to the benefits NCU-ISAO members receive from TruSTAR?
We see requirements at all levels for actionable intelligence. TruSTAR benefits members whether they are smaller credit unions who outsource their information security functions in IT to a third party or larger organizations as an additional line of network defense. The platform provides members the ability to do their own investigations and correlations in the platform, and do that without having to necessarily share automatically with information sharing partners like ours. When members find information of value they can contribute back to other members with the click of a button.
Members also have access to the TruSTAR detection and triage capabilities, which provide a simple way of sharing information by forwarding any questionable emails privately. Then we can redact out any attributable information to that organization and share the anonymized key indicators of compromise to our other members. It helps us build a snapshot through member shares of what our credit union institutions and crediting industry stakeholders are seeing on a regular basis.
TruSTAR provides onboarding support to our members for Community Plus plan setup. The TruSTAR team listens to member use cases, answers their questions, and notes what information sharing community members need. The support received is a key component of our member benefits.
----------------------------------------------------
Thanks!
Mikala Vidal