
11/21/2011
02:45 PM

New 'Anti-Social' Social Network Lets CSOs Share

Emerging online community for security executives to help one another better defend against attacks -- no vendors or consultants allowed

In the aftermath of the March attack on RSA, some SecurID customers turned to one another for help in deciding what to do about their organizations' potentially compromised tokens. Take The Bank of New York, which ultimately accelerated its plans to replace its tokens after its then-chief security officer (CSO) consulted with his counterparts at other companies.

"We were thinking about postponing it until 2012," says Tom Malta, a senior technology risk executive and former CSO at The Bank of New York. But after Malta posted a question to other members of an invitation-only social media network for CSOs and other security executives about how they were handling their RSA tokens in the wake of the breach, he learned most were already in the process of replacing their tokens. "I went back to my management [at The Bank of New York] and told them my peers in the industry were about to move on it, so we should do it [as well]," he says.

The RSA breach provided a classic test case for the so-called Wisegate online community, a new invitation-only social network where CSOs can confidentially share information about breaches, security events, and products. Wisegate was created last year and emerged from stealth mode in September as what its founder, Sara Gates, describes as "a private Yelp plus Match.com" aimed specifically at IT, especially information security executives such as CSOs. Gates, the former head of Sun Microsystems' identity management unit, says she conceived of the idea for an invitation-only social medium because top-level security execs need somewhere to congregate and safely and confidentially share and confer on security experiences, information, and intelligence.

"It's a resource fueled by community," Gates says. "Our mission is not to be a social network, but to be a resource that applies to delivering information from peers."

Malta, who is a founding member of Wisegate, says the RSA hack was a key example of how the community helps CSOs touch base with one another on how their organizations are handling a specific security event or new product rollout. "It helps bring a sense of urgency to our programs and enables us to go back to our companies on whether we should move on this or that," he says.

The underlying problem, of course, is that the bad guys are regularly sharing attack and other security intelligence, while victim organizations are at a disadvantage, typically isolated and without a main go-to place to share or compare their experiences.

There are plenty of other forums for sharing attack intelligence and other security issues, such as the Bay Area CSO Council, whose members were arguably among the worst hit by Aurora and had been confidentially sharing various types of attack information long before that attack. The U.S. defense industry has its own online exchange for swapping attack information, for example, and the FBI-led InfraGard events also serve as a way for local businesses, academic institutions, state and local law enforcement agencies, and CISOs to network and gain intelligence on the latest threats.

What's unique about Wisegate is that it's invitation-only, and no vendors are allowed. Phil Agcaoili, chief information security officer at Cox Communications, says the Wisegate security community is a new way for organizations to help one another defend against attackers. "Our adversaries are sharing and have been for quite some time," says Agcaoili, who is also a founding member of Wisegate. "Information-sharing on the defensive side is important … We need it across organizations, and we need people at all levels talking and sharing."

Agcaoili wouldn't give specifics on the kinds of things he discusses on the site with other CSOs and security professionals in keeping with the community's confidentiality policy, but he says the RSA compromise was a big topic this year. "We talked about the RSA compromise and came together" and shared information, he says. "Frankly, it put a little more urgency on the next steps for me and helped me solidify that there has to be more activity here, so let's not wait and make sure we are being more proactive" about responding to the RSA breach, he says.

The site's interface looks like a cross between LinkedIn, Twitter, Facebook, and other social media sites, but it doesn't really operate like them. "It's sort of an unsocial social network. This is a private, by invitation-only community just for senior execs like myself for sharing what's going on in security and in and around technology," Malta says.

The catch, however, is that Wisegate is a subscription-based community, unlike most social media sites. Individual members pay $1,000 per year. Its members say it pays for itself, however, by reducing the need for conference or live-meeting travel. A member can invite a colleague or friend to join; that person is then vetted by Wisegate and, if accepted, offered membership. A member must have a senior title and work for a company with more than 1,000 employees. And he or she cannot work for a vendor.

And there's always the risk that not all members will respect the confidentiality rules of engagement. That is likely why many members are still not sharing a lot of specifics on breaches in their organizations. "People are still hesitant in sharing the gory details," Malta says. "There have been a lot talking about breaches on a firewall or perimeter security and what people are doing with malware. They are starting to get a little more specific now."

There tends to be more collaboration on threats across the security disciplines within the community, which is broken into microcommunities. "For example, a member who runs identity management for a Fortune 1000 company was telling the cybersecurity-focused members that their receptionist had the latest malware on his laptop and that had become a point of vulnerability," Wisegate's Gates says. "As a result, they are focused as much on communicating with employees for what suspicious behavior might look like as they are with what technology can do. So the identity management-centric members and the APT-centric members are able to cross security disciplines to collaborate and solve problems."

Gates says individuals can request a membership invite by visiting this link.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
