
Analytics
6/24/2014 12:00 PM

Crowdsourcing & Cyber Security: Who Do You Trust?

A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.

As the interconnectedness of our society in cyberspace has grown exponentially, virtually every aspect of industry has become dependent on cyber networks and therefore on network security. This interconnectedness has increased the need for shared risk, and today communities of organizations must work more collaboratively. But many question -- is it really possible to do this? I would argue that it is possible, and there is progress in the crowdsourcing of cyber security.

Sharing expertise and threat intelligence within the "commons" -- resources affecting an entire community -- enhances the ability of the good guys to respond to the bad guys. Rather than operating in isolated silos, the "sharing" -- sourcing from the crowd -- enables a collective defense that, though not tipping the balance totally in favor of the good guys, certainly improves the potential for a more powerful defense.

The challenge, of course, is how to source from the crowd when trust and transparency are the watchwords of cyber security. How do you ensure the veracity of submissions ("attribution"), represented as the work of good guys and not a potential "Trojan Horse," in a world where anonymity is the norm and may in fact be a legal requirement? How do you establish an audit trail of accountability to ensure trust and transparency? How do you create an incentive system that rewards contributions from the best and brightest?

The "how" is still a work in progress, but three active, representative efforts hold promise for harnessing the creative skills of the broader cyber community, at least to raise the barriers against cyber attacks.

Special interest collaborations
Groups of like-minded organizations and individuals are coming together for collaboration around a specific threat or within a defined community.

The Conficker Working Group was formed in late 2008 by a coalition of security researchers for the express purpose of pooling intelligence and expertise to defend against malicious Conficker malware. The effort was noteworthy, not only for its effectiveness, but also for the unprecedented cooperation between private and public-sector organizations and individuals from around the world.

The Financial Services Information Sharing and Analysis Center (FS-ISAC) was launched in 1999 prompted by a 1998 presidential mandate to share information about physical and cyber security threats and vulnerabilities among the public and private sectors in order to protect the US financial community and its critical infrastructure.

FS-ISAC represents a community of trust in which the organization continually collects, analyzes, vets, and disseminates relevant threat intelligence to its participating members. This was initially a US-focused effort, but in 2013 the FS-ISAC board of directors approved a charter amendment allowing information to be shared with financial organizations around the globe. Its recently completed Critical Infrastructure Notification System (CINS) lets the organization deliver security threat alerts to multiple recipients around the globe nearly simultaneously, while providing user authentication and delivery confirmation.

"White hat" hired guns
For a number of years, leading technology companies such as Google, Facebook, and PayPal have managed programs where qualified white-hat hackers (and, in some cases, employees) work to detect product and network vulnerabilities in exchange for bounties. These programs have worked not only by internalizing the cat-and-mouse game of cyber attacks in a controlled environment, but also by providing a financially viable alternative to criminal activity for young engineers who are attracted to the technology challenges of hacking but might otherwise be drawn to the "dark side."

A team of former NSA researchers recently formed a Silicon Valley company called Synack. It responds to the rapidly growing community of corporations that want to find a trusted way to source the creative ability to identify and isolate vulnerabilities in their infrastructure but lack the resources and expertise to manage a highly vetted process themselves. Building on extensive career experience, the Synack team has created a network of hundreds of vetted and trusted cyber engineers who are made available to clients for vulnerability remediation on an ongoing subscription, leveraging a "pay for success" model. To ensure trust, Synack actively monitors its community of analysts. The financial services, healthcare, and e-commerce industries are among the early adopters of Synack's Crowd Security Intelligence offering.

Shared threat intelligence
A number of companies, such as AlienVault, ThreatStream, and CloudFlare, collect threat intelligence from a spectrum of sources and package it for distribution to customers, often as part of an integrated security management platform. Through the collection, aggregation, and vetting process, these vendors look to impart trust to the intelligence they share, which would otherwise come with little transparency. Once again, the intent is to facilitate the sharing of experiences and knowledge within the user community, enabling agility and compressing the time to discovery for cyber threats.

There is a great deal of interest in, and activity around, delivering on the full potential of crowdsourcing to meet dynamic and rapidly evolving cyber security threats. At the same time, it's wise to note that our cyber adversaries have always been at the leading edge of innovative techniques for identifying, harnessing, and directing engineering creativity to achieve their nefarious objectives. In this regard, crowdsourcing may simply be another front in the cyber security wars.

Robert R. Ackerman Jr. is the founder and a Managing Director of Allegis Capital, an early-stage Silicon Valley venture capital firm that invests heavily in cyber security. Allegis cyber security portfolio companies include IronPort Systems (acquired by Cisco), Solera ...

Comments
RyanSepe, User Rank: Ninja, 6/29/2014 | 5:58:02 PM
Re: From FOSS Came Crowdsourcing
I agree with you and have alluded to many of the same principles in another article posted. A higher emphasis needs to be put on penetration testing from a party that does not have malicious intent. Many of the security safeguards today are preventative or corrective, meaning that they are both, to some capacity, reactive.

As you say, we need to think like the "dark side" and try to uncover threats and new intrusion methodologies before users of malicious intent do. This is one of the only ways I can see us alleviating some of the potential dangers of zero days.
RetiredUser, User Rank: Ninja, 6/25/2014 | 1:38:34 AM
From FOSS Came Crowdsourcing
Well, maybe crowdsourcing wasn't strictly born from the Free and Open Source Software (FOSS) communities, but it's improved because of them, I believe. I also believe strongly in this model, and I would argue that all along, hackers have been doing this, albeit some on the cyber crime side of things. Often the "everyman" of the enterprise community needs to evolve to think more like the dark side. I wouldn't say that crowdsourcing is beating the enemy because it is a superior methodology to what the hacker and cracker communities (yes, and old ones, at that) are doing, but rather it is moving computer internet security forward because the enterprise is finally catching up with the enemy.

As systems, component applications, their source code and vulnerabilities become more "open" (apologies to Richard Stallman for using the "o" word), everyone is empowered through the ability to make improvements, fix vulnerabilities and share the burden across the community. One of the killers of the old guard of enterprise models was that everything was closed off, and while each IT silo was on its own, crackers and hackers the world over were sharing tech, exploits and trading anecdotes, strengthening the community and making it more deadly.

About time we got on board and evolved to their level.
Marilyn Cohodas, User Rank: Strategist, 6/24/2014 | 3:57:35 PM
Good overview on pluses & minuses of crowdsourcing cyber security
Nice blog, Bob. I wonder if you'd care to expand on which "hows" you mention present the greatest challenges for crowdsourcing security. They also sound quite formidable to me!