SHARING & SUPPORT
Supporting Sharing Communities
GRF can provide support for existing sharing communities interested in growing their capabilities and providing additional tools to their members.
Intelligence, Vulnerability Alerts and Analysis
GRF provides relevant and actionable alerts and advisories on cyber, physical and geopolitical threats and incidents specific to your industry, originating from members, government agencies, vendors, open sources and GRF analysts' research. This includes support from GRF analysts who review and enrich daily cyber open source reports, send ad-hoc reports, cross-sector intel reports with IOCs, vulnerability monitoring, and provide Deep and Dark Web detection, among other intelligence.
Community Preparedness and Response
Services include designing and managing community threat exercises, crisis management expertise, and providing other resources including Critical Information Notification System alerts via SMS, phone and email.
Capabilities that Foster Community Sharing
Access to a communications and collaboration portal with discussion threads, chat features and document repository; a threat intelligence sharing platform from Anomali for rapid intel visualization, APT mapping and trend analysis; a community listserv; involvement in member committees and user groups; and engagement on member calls, surveys, and events.
Marketing, Sales, and Operations Assistance
Assistance with member recruitment, marketing, accounting, and media communications for your sharing community.
“Creating sharing communities and driving their success is something GRF has turned into a step-by-step process, as I’ve seen at LS-ISAO. LS-ISAO has GRF’s wealth of experience to draw from when creating and implementing best practices, sharing protocols, or other seemingly minor but absolutely critical pieces necessary to create trust and further security for a community.”
Matt Kesner, Former Chief Information Officer
Fenwick & West LLP
The Power of Cross-Sector Sharing
We build highly trusted information-sharing communities.
We support organizations with:
Organizing your ISAC/ISAO
Establishing trust, processes, and standards
Sustaining a well-managed, fully funded, long-term organization
Attracting new members for more sharing
Facilitating intel exchange between members
Sourcing new intel streams from other relevant sectors and partners
Subject matter expertise and enriched analysis
Creating an ISAC/ISAO can have its challenges—from attracting members and finding new sources of information to use in creating intelligence, to developing sound sharing practices and understanding the legal requirements for this type of organization.
GRF staff have built highly trusted information-sharing communities in the financial services, legal services, energy, and utility industries. By leveraging that extensive experience and those lessons learned, GRF is able to replicate a successful model and greatly reduce the challenges faced by new or growing communities.
“Working with GRF and using the Cyware portal increased our sharing significantly. We had more activity in three months than we did in the three years before.”
Jim Linn, Chief Information Officer
American Gas Association & Executive Director, DNG-ISAC
The Network
GRF members and global partners span many different industries, forming a defensive network of thousands of organizations across five continents. Together they ensure 24/7, follow-the-sun security visibility.
GRF offers its network many benefits, from negotiated discounts on vendor tools and training to crisis response and in-depth analytical reports. GRF also offers access to its eXchange tool, an automated cross-industry, multi-directional data sharing program allowing distribution and consumption of threat information in real time.
The network has access to hundreds of thousands of Indicators of Compromise a month, with an ever-increasing amount of timely and actionable, industry-specific data. Arming members with machine-to-machine data and intelligence is a true competitive advantage against threat actors.
The DNG (Downstream Natural Gas) ISAC serves natural gas utility (distribution) companies by facilitating communications between participants, the federal government, and other critical infrastructures.
Intelligence sharing communities are recognized as one of the best defenses against cyber attacks and physical threats. At Energy Analytic Security Exchange (EASE), members are ‘trust-sourcing’ threat data and intelligence to advance the mutual security of organizations in the energy sector.
Health-ISAC Inc. (H-ISAC, Health Information Sharing and Analysis Center), is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other.
Kindergarten Through Twelfth Grade Security Information Exchange – K12 SIX – is a nonprofit threat intelligence sharing community for school districts to prevent and respond to cyberthreats, together.
The Business Resilience Council (BRC) provides members with business continuity, disaster response, and resilience information and best practices on physical security issues such as major weather events, pandemics and other natural disasters, as well as geopolitical threats, civil unrest and terrorism.
Legal Services-ISAO is a member-driven community that shares actionable cyberthreat and systems vulnerability information among law firms for their mutual defense.
The National Retail Federation (NRF) IT Security Council (ITSC) is NRF’s primary membership group for retail sector cybersecurity leaders and technical experts.
To protect our nation’s critical infrastructure, the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) provides shared intelligence on cyber incidents, threats, vulnerabilities, and best practices to enhance security in the industry.
Operational Technology-ISAC facilitates the secure exchange of cyber, physical, systems vulnerability and supply chain threat intelligence in order to advance security and ensure resilient operations for Critical Information Infrastructure owners and operators.
Professional Services Information Exchange is a forum for companies to share cyber, physical, systems vulnerability and supply chain security information to protect their business, their employees, their customers, and their data.
ISACs are member-driven organizations, delivering
all-hazards threat and mitigation information to asset owners and operators. Sector-based Information Sharing and Analysis Centers collaborate with each other via the National Council of ISACs.
Manufacturing Information Sharing and Analysis Center (MFG-ISAC) is a nonprofit cybersecurity threat awareness and mitigation community for small, medium and enterprise-level manufacturers in the United States.
“Partnering with staff from GRF provided for an easy, turnkey solution. We were able to leverage existing sharing protocols, vendor relationships, and other administrative and operational processes to expedite the launch and development of the community. Because of GRF’s collocation of analysts and strong experience with cybersecurity threat sharing, we were able to immediately begin accessing, sharing, and consuming actionable intelligence. We provided sector-specific guidance, but they have the foundational process figured out.”
Andreas M. Antoniou, Former Chief Information Officer
Paul, Weiss, Rifkind, Wharton & Garrison Llp