Vulnerabilities / Threats
12/28/2015
10:30 AM
Peter Zavlaris
Peter Zavlaris
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

The Rise Of Community-Based Information Security

The more vendors, service providers, and companies' band together to fight security threats, the more difficult it will become for attacks to succeed.

Security has evolved into a game of detection and response, and the greatest weapon in this new world order is timely threat intelligence sharing. This is true primarily because details about an attack campaign provided by a peer organization can accelerate the response time to threats and limit their damage.

The good news is that there is growing support for threat intelligence sharing. In March of 2015, Andrew H. Tannenbaum, Cybersecurity Counsel for IBM, submitted testimony in support of threat information sharing before the US House of Representatives Permanent Select Committee on Intelligence. He argued that:

  • Cyber threats have become too diverse and too dynamic to completely eliminate cyber risk;
  • Businesses need to identify potential risks in their IT systems, prioritize them, and allocate security resources accordingly;
  • Cybersecurity is now a data analytics challenge.

In his testimony, Tannenbaum explained that the explosion in technology, data, and access “has created a sea of new risks and hidden vulnerabilities for hackers to exploit. The velocity and volume of this threat requires a comprehensive, risk-based approach to cybersecurity,” he said, adding that “in order to stay ahead of the attackers, companies need timely and actionable information about specific threats to their infrastructure.”

“Malicious actors,” he said, “can move through networks at light speed, so information about the attack needs to be available to potential victims in as close to real time as possible.”

 

Other calls to action

The NIST Guide to Cyber Threat Information Sharing also recently pointed to the need for organizations to enhance incident response actions and bolster cyber defenses, by harnessing “the collective wisdom of peer organizations through information sharing and coordinated incident response." Even President Obama espoused the benefits of information sharing at his summit on Cyber Security in Palo Alto. During the summit, Obama announced his executive order directing the creation of new Information Sharing and Analysis Organizations (ISAOs).

According to the 2015 Verizon Data Breach Investigations Report, using shared intelligence for "herd alertness" -- just as animals on the plains share warnings when predators are near -- requires speed to be effective. That is because 75 percent of attacks spread from Victim 0 to Victim 1 in 24 hours while 40 percent hit the second victim organization in less than an hour!

One recent industry initiative designed to accelerate the exchange of threat intelligence is Facebook ThreatExchange. According to Facebook, there are currently more than 170 ThreatExchange members contributing attack information to this community, among them, RiskIQ, and other security vendors, plus cloud and social media companies the likes of Pinterest, Dropbox, Tumblr, and Yahoo.  ThreatExchange allows security researchers to team up with peers they know and trust, to share information and perform threat analysis. The intelligence shared by members of ThreatExchange connects attacks to attack infrastructure and enables organizations to combat threats like malvertising, ransomware, and other criminal-based attacks that routinely penetrate perimeter controls and scale beyond traditional defensive measures.

The more companies share threat information, the easier it becomes to detect and respond to threats. Whether it’s private sharing of attack campaigns, long-form reports on threat actors, or just public lists of indicators -- sharing should occur without friction. The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.

Peter Zavlaris is one of the primary analysts and contributors to the RiskIQ blog, which provides weekly insights on the latest threats and attacks that target companies outside the firewall and put customers at risk. He has held various customer satisfaction positions with ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RiskIQBlogger
100%
0%
RiskIQBlogger,
User Rank: Author
1/4/2016 | 5:19:44 PM
Re: Challenges
I do see that as a signficant challenge, really good question. I think other sharing platforms struggle because of it. The vision for ThreatExchange is to connect peers with previously established relationships. There will be a higher level of trust. Of course what gets shared will be at the discretion of each particpant. We will have to observe as ThreatExchange gains popularity, whether enough data is being shared openly to provide value. 
sashankdvk
100%
0%
sashankdvk,
User Rank: Apprentice
12/28/2015 | 10:43:07 PM
Challenges
Do you see any challenges for enabling participants in threat intel sharing ? like any privacy issues ? or any other things?  because most of the the threat intel (like URL's etc.) might have sensitive PII in it 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Why else would HR ask me if I have a handicap?"
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.