Partner Perspectives  Connecting marketers to our tech communities.
9/27/2016
11:01 AM
Matthew Rosenquist
Matthew Rosenquist
Partner Perspectives
50%
50%

Sharing Cybersecurity Threat Intelligence Is The Only Way We Win

Security organizations must leverage each other's information in order to better predict, prevent, detect, and respond to threats their customers and organizations face.

Cybersecurity is a team sport. The bad guys share information, expertise, code, and help one another. The good guys must do the same to keep pace. Sharing threat intelligence is a key aspect where knowledge gained by owners of sensor networks can share data in a collective way to the security analysis community. This give the necessary breadth of data to understand trends, new infections, how botnets are communicating, if directed targeting is occurring, and even if different attackers are collaborating. 

Sadly, this is not the norm. Many security companies look at this data as a competitive advantage to sell their products and services. They keep it to themselves in hopes they can find a nugget and market it in a way to win over new customers. But the cost is losing the bigger picture of overall effectiveness.

This is slowly changing. Some security firms are stepping up and sharing more and more data that is redacted of personal information and contains only attack characteristics. The combined aspects are like pieces to a massive puzzle for analysts looking for trends. It is hugely important to everyone.

I am glad to see major security vendors and researchers beginning to share insights and data. Consortiums such as the Cyber Threat Alliance and sites such as VirusTotal are leading the way. The Information Sharing and Analysis Organization (ISAO), established as part of a US presidential order in 2015, is developing voluntary standards for private and public data sharing.

But more sharing must happen. Attacks are occurring at a phenomenal rate. Malware alone is out of control, with about 44,000 new unique samples being discovered every day. Security organizations must leverage each other’s information in order to better predict, prevent, detect, and respond to threats their customers and organizations face. 

The battle that should be fought is not between security vendors, but rather between the threats and collective defensive organizations that stand between these threats and their victims. We must work together to stem the tide of cyberattacks. Public sentiment is important. If we desire our technology to be safe, we must send a clear message to our security vendors: Share threat data or we will patronize a different supplier of security products and services. We have a voice and a vote (with our wallets). 

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and to learn about what is going on in cybersecurity.

Matthew Rosenquist is a cybersecurity strategist for Intel and benefits from 25 years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations that deliver optimal levels of security. Matthew helped ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jcavery
50%
50%
jcavery,
User Rank: Moderator
9/28/2016 | 2:33:10 PM
Dare to Share
There is a key difference between the good guys sharing intelligence and the bad guys sharing it. The bad guys tend to share it in underground forums, only among eachother, and if they aren't doing that, they're keeping it for themselves or selling it for money. The good guys (and media) tend to blast every vulnerability on the front page for some reason. Yes, it's important to share the intelligence, but not like that, not publicly. Once it gets shared publicly, it's more of a race to see who can exploit it before they fix it, instead of an umbrella announcement to everyone. The good guys should become more efficient at tactfully informing companies.

I have made money from bug bounties just by browsing the latest "good guy" public vulns, why is that? Wasn't the logic supposed to be that the more public the announcement, the more fixes will happen? Sometimes a company is actually safer before those public announcements are made than the days following it. There might only be 1 or 2 hackers aware of a vuln (but not able to exploit it yet) whereas after the "share", you now have 1,000 hackers looking at it, with hundreds able to exploit it. Great article, great topic, just need to drill down more details on how to execute this whole sharing thing.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17182
PUBLISHED: 2018-09-19
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations...
CVE-2018-17144
PUBLISHED: 2018-09-19
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...