What is an ISAC?
An ISAC or Information Sharing and Analysis Center is a way for companies and governments to share threats, attacks, and defense tips.
Normally ISACs and ISAOs are meant for industry verticals.
I haven't seen much of any sort of "hobbyist" or "volunteer" ISAC, meant for people who run homelabs, mastodon servers, etc.
I think one should exist that's specificly providing for the following:
- Fediverse software
- formal nonprofits and not-for-profits
- loose groups of people without nonprofit status
What this would involve:
- A virtual meeting space
- something on matrix, bridged to discord?
- voting via loomio?
- best practice hardening
- best practice SIEMs/SOAR/AV, etc
- automated auditing
- automated scanning
- honeypot networks
- threat intelligence
- MISP bidirectional threat feed
- higher tier services
- human auditors / bulk pricing / pro-bono?
- shared SOC?
- pro-bono IR?
- Client sysadmins!
- Security documentation writers
- Security news reporters
- Threat researchers
- pro-bono auditors? paid auditors?
- pro-bono SOC? paid soc?
- pro-bono IR? paid IR?
- port scanning all member boxes
- IP reporting (via fail2ban) enabled for all members
- shared rule development
- shared SIEM resources? (this is probably problematic)
- IFTAS (fediverse moderator focused) http://about.iftas.org/ - this'd be more than just fedi
- AbuseIPDB - this includes much more than just reporting bad activity, but responding to web-wide problems, training, hardening, etc
- Bunkerweb, TheHive, MISP (things we might use, but this ISAC isn't just one technology)
Basically an ISAC spans:
- multiple kinds of software (not just, say, mastodon)
- multiple "vendors" (well, in this case, open source security projects)
- multiple services/roles for/by members
- GDPR, privacy concerns
- people being wary of security cooperation e.g. with bidirectional threat feeds
- information sharing might be more limited because vetting might not be the same compared to other ISACs
- limited time/attention for members
- convey what it is effectively
- explain how you'd interact with it
- explain how you get value
What are your thoughts?
message me @email@example.com!