Vulnerabilities / Threats
10:30 AM
Peter Zavlaris
Peter Zavlaris
Connect Directly

The Rise Of Community-Based Information Security

The more vendors, service providers, and companies' band together to fight security threats, the more difficult it will become for attacks to succeed.

Security has evolved into a game of detection and response, and the greatest weapon in this new world order is timely threat intelligence sharing. This is true primarily because details about an attack campaign provided by a peer organization can accelerate the response time to threats and limit their damage.

The good news is that there is growing support for threat intelligence sharing. In March of 2015, Andrew H. Tannenbaum, Cybersecurity Counsel for IBM, submitted testimony in support of threat information sharing before the US House of Representatives Permanent Select Committee on Intelligence. He argued that:

  • Cyber threats have become too diverse and too dynamic to completely eliminate cyber risk;
  • Businesses need to identify potential risks in their IT systems, prioritize them, and allocate security resources accordingly;
  • Cybersecurity is now a data analytics challenge.

In his testimony, Tannenbaum explained that the explosion in technology, data, and access “has created a sea of new risks and hidden vulnerabilities for hackers to exploit. The velocity and volume of this threat requires a comprehensive, risk-based approach to cybersecurity,” he said, adding that “in order to stay ahead of the attackers, companies need timely and actionable information about specific threats to their infrastructure.”

“Malicious actors,” he said, “can move through networks at light speed, so information about the attack needs to be available to potential victims in as close to real time as possible.”


Other calls to action

The NIST Guide to Cyber Threat Information Sharing also recently pointed to the need for organizations to enhance incident response actions and bolster cyber defenses, by harnessing “the collective wisdom of peer organizations through information sharing and coordinated incident response." Even President Obama espoused the benefits of information sharing at his summit on Cyber Security in Palo Alto. During the summit, Obama announced his executive order directing the creation of new Information Sharing and Analysis Organizations (ISAOs).

According to the 2015 Verizon Data Breach Investigations Report, using shared intelligence for "herd alertness" -- just as animals on the plains share warnings when predators are near -- requires speed to be effective. That is because 75 percent of attacks spread from Victim 0 to Victim 1 in 24 hours while 40 percent hit the second victim organization in less than an hour!

One recent industry initiative designed to accelerate the exchange of threat intelligence is Facebook ThreatExchange. According to Facebook, there are currently more than 170 ThreatExchange members contributing attack information to this community, among them, RiskIQ, and other security vendors, plus cloud and social media companies the likes of Pinterest, Dropbox, Tumblr, and Yahoo.  ThreatExchange allows security researchers to team up with peers they know and trust, to share information and perform threat analysis. The intelligence shared by members of ThreatExchange connects attacks to attack infrastructure and enables organizations to combat threats like malvertising, ransomware, and other criminal-based attacks that routinely penetrate perimeter controls and scale beyond traditional defensive measures.

The more companies share threat information, the easier it becomes to detect and respond to threats. Whether it’s private sharing of attack campaigns, long-form reports on threat actors, or just public lists of indicators -- sharing should occur without friction. The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.

Peter Zavlaris is one of the primary analysts and contributors to the RiskIQ blog, which provides weekly insights on the latest threats and attacks that target companies outside the firewall and put customers at risk. He has held various customer satisfaction positions with ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
1/4/2016 | 5:19:44 PM
Re: Challenges
I do see that as a signficant challenge, really good question. I think other sharing platforms struggle because of it. The vision for ThreatExchange is to connect peers with previously established relationships. There will be a higher level of trust. Of course what gets shared will be at the discretion of each particpant. We will have to observe as ThreatExchange gains popularity, whether enough data is being shared openly to provide value. 
User Rank: Apprentice
12/28/2015 | 10:43:07 PM
Do you see any challenges for enabling participants in threat intel sharing ? like any privacy issues ? or any other things?  because most of the the threat intel (like URL's etc.) might have sensitive PII in it 
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.