Partner Perspectives  Connecting marketers to our tech communities.
9/27/2016
11:01 AM
Matthew Rosenquist
Matthew Rosenquist
Partner Perspectives
50%
50%

Sharing Cybersecurity Threat Intelligence Is The Only Way We Win

Security organizations must leverage each other's information in order to better predict, prevent, detect, and respond to threats their customers and organizations face.

Cybersecurity is a team sport. The bad guys share information, expertise, code, and help one another. The good guys must do the same to keep pace. Sharing threat intelligence is a key aspect where knowledge gained by owners of sensor networks can share data in a collective way to the security analysis community. This give the necessary breadth of data to understand trends, new infections, how botnets are communicating, if directed targeting is occurring, and even if different attackers are collaborating. 

Sadly, this is not the norm. Many security companies look at this data as a competitive advantage to sell their products and services. They keep it to themselves in hopes they can find a nugget and market it in a way to win over new customers. But the cost is losing the bigger picture of overall effectiveness.

This is slowly changing. Some security firms are stepping up and sharing more and more data that is redacted of personal information and contains only attack characteristics. The combined aspects are like pieces to a massive puzzle for analysts looking for trends. It is hugely important to everyone.

I am glad to see major security vendors and researchers beginning to share insights and data. Consortiums such as the Cyber Threat Alliance and sites such as VirusTotal are leading the way. The Information Sharing and Analysis Organization (ISAO), established as part of a US presidential order in 2015, is developing voluntary standards for private and public data sharing.

But more sharing must happen. Attacks are occurring at a phenomenal rate. Malware alone is out of control, with about 44,000 new unique samples being discovered every day. Security organizations must leverage each other’s information in order to better predict, prevent, detect, and respond to threats their customers and organizations face. 

The battle that should be fought is not between security vendors, but rather between the threats and collective defensive organizations that stand between these threats and their victims. We must work together to stem the tide of cyberattacks. Public sentiment is important. If we desire our technology to be safe, we must send a clear message to our security vendors: Share threat data or we will patronize a different supplier of security products and services. We have a voice and a vote (with our wallets). 

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and to learn about what is going on in cybersecurity.

Matthew Rosenquist is a cybersecurity strategist for Intel and benefits from 25 years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations that deliver optimal levels of security. Matthew helped ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jcavery
50%
50%
jcavery,
User Rank: Moderator
9/28/2016 | 2:33:10 PM
Dare to Share
There is a key difference between the good guys sharing intelligence and the bad guys sharing it. The bad guys tend to share it in underground forums, only among eachother, and if they aren't doing that, they're keeping it for themselves or selling it for money. The good guys (and media) tend to blast every vulnerability on the front page for some reason. Yes, it's important to share the intelligence, but not like that, not publicly. Once it gets shared publicly, it's more of a race to see who can exploit it before they fix it, instead of an umbrella announcement to everyone. The good guys should become more efficient at tactfully informing companies.

I have made money from bug bounties just by browsing the latest "good guy" public vulns, why is that? Wasn't the logic supposed to be that the more public the announcement, the more fixes will happen? Sometimes a company is actually safer before those public announcements are made than the days following it. There might only be 1 or 2 hackers aware of a vuln (but not able to exploit it yet) whereas after the "share", you now have 1,000 hackers looking at it, with hundreds able to exploit it. Great article, great topic, just need to drill down more details on how to execute this whole sharing thing.
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading,  11/17/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.