
11/21/2011
02:45 PM

New 'Anti-Social' Social Network Lets CSOs Share

Emerging online community for security executives to help one another better defend against attacks -- no vendors or consultants allowed

In the aftermath of the March attack on RSA, some SecurID customers turned to one another for help in deciding what to do about their organizations' potentially compromised tokens. Take The Bank of New York, which ultimately accelerated its plans to replace its tokens after its then-chief security officer (CSO) consulted with his counterparts at other companies.

"We were thinking about postponing it until 2012," says Tom Malta, a senior technology risk executive and former CSO at The Bank of New York. But after Malta posted a question to other members of an invitation-only social media network for CSOs and other security executives about how they were handling their RSA tokens in the wake of the breach, he learned most were already in the process of replacing their tokens. "I went back to my management [at The Bank of New York] and told them my peers in the industry were about to move on it, so we should do it [as well]," he says.

The RSA breach provided a classic test case for the so-called Wisegate online community, a new invitation-only social network where CSOs can confidentially share information about breaches, security events, and products. Wisegate was created last year and emerged from stealth mode in September as what its founder, Sara Gates, describes as "a private Yelp plus Match.com" aimed specifically at IT, especially information security executives such as CSOs. Gates, the former head of Sun Microsystems' identity management unit, says she conceived of the idea for an invitation-only social medium because top-level security execs need somewhere to congregate and safely and confidentially share and confer on security experiences, information, and intelligence.

"It's a resource fueled by community," Gates says. "Our mission is not to be a social network, but to be a resource that applies to delivering information from peers."

Malta, who is a founding member of Wisegate, says the RSA hack was a key example of how the community helps CSOs touch base with one another on how their organizations are handling a specific security event or new product rollout. "It helps bring a sense of urgency to our programs and enables us to go back to our companies on whether we should move on this or that," he says.

The underlying problem, of course, is that the bad guys are regularly sharing attack and other security intelligence, while victim organizations are at a disadvantage, typically isolated and without a main go-to place to share or compare their experiences.

There are plenty of other forums for sharing attack intelligence and other security issues, such as the Bay Area CSO Council, whose members were arguably among the worst hit by Aurora and had already been confidentially sharing various types of attack information long before that attack. The U.S. defense industry has its own online exchange for swapping attack information, for example, and the FBI-led InfraGard events also serve as a way for local businesses, academic institutions, state and local law enforcement agencies, and CISOs to network and gain intelligence on the latest threats.

What's unique about Wisegate is that it's invitation-only, and no vendors are allowed. Phil Agcaoili, chief information security officer at Cox Communications, says the Wisegate security community is a new way for organizations to help one another defend against attackers. "Our adversaries are sharing and have been for quite some time," says Agcaoili, who is also a founding member of Wisegate. "Information-sharing on the defensive side is important … We need it across organizations, and we need people at all levels talking and sharing."

Agcaoili wouldn't give specifics on the kinds of things he discusses on the site with other CSOs and security professionals in keeping with the community's confidentiality policy, but he says the RSA compromise was a big topic this year. "We talked about the RSA compromise and came together" and shared information, he says. "Frankly, it put a little more urgency on the next steps for me and helped me solidify that there has to be more activity here, so let's not wait and make sure we are being more proactive" about responding to the RSA breach, he says.

The site's interface looks like a cross between LinkedIn, Twitter, Facebook, and other social media sites, but it doesn't really operate like them. "It's sort of an unsocial social network. This is a private, by invitation-only community just for senior execs like myself for sharing what's going on in security and in and around technology," Malta says.

The catch, however, is that Wisegate is a subscription-based community, unlike most social media sites. Individual members pay $1,000 per year. Its members say it pays for itself by reducing the need for conference and live-meeting travel. A member can invite a colleague or friend to join; that person is then vetted by Wisegate and, if accepted, offered membership. A member must have a senior title and work for a company with more than 1,000 employees. And he or she cannot work for a vendor.

And there's always the risk that not all members will respect the confidentiality rules of engagement. That is likely why many members are still not sharing a lot of specifics on breaches in their organizations. "People are still hesitant in sharing the gory details," Malta says. "There have been a lot talking about breaches on a firewall or perimeter security and what people are doing with malware. They are starting to get a little more specific now."

There tends to be more collaboration on threats across the security disciplines within the community, which is broken into microcommunities. "For example, a member who runs identity management for a Fortune 1000 company was telling the cybersecurity-focused members that their receptionist had the latest malware on his laptop and that had become a point of vulnerability," Wisegate's Gates says. "As a result, they are focused as much on communicating with employees for what suspicious behavior might look like as they are with what technology can do. So the identity management-centric members and the APT-centric members are able to cross security disciplines to collaborate and solve problems."

Gates says individuals can request a membership invite by visiting this link.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
