Dark Reading is part of the Informa Tech Division of Informa PLC

Partner Perspectives  Connecting marketers to our tech communities.
9/27/2016
11:01 AM
Matthew Rosenquist

Sharing Cybersecurity Threat Intelligence Is The Only Way We Win

Security organizations must leverage each other's information in order to better predict, prevent, detect, and respond to threats their customers and organizations face.

Cybersecurity is a team sport. The bad guys share information, expertise, and code, and they help one another. The good guys must do the same to keep pace. Sharing threat intelligence is a key part of this: owners of sensor networks can share the knowledge they gain collectively with the security analysis community. This gives analysts the necessary breadth of data to understand trends, new infections, how botnets are communicating, whether directed targeting is occurring, and even whether different attackers are collaborating.

Sadly, this is not the norm. Many security companies look at this data as a competitive advantage to sell their products and services. They keep it to themselves in hopes they can find a nugget and market it in a way to win over new customers. But the cost is losing the bigger picture of overall effectiveness.

This is slowly changing. Some security firms are stepping up and sharing more and more data that is redacted of personal information and contains only attack characteristics. The combined aspects are like pieces to a massive puzzle for analysts looking for trends. It is hugely important to everyone.

I am glad to see major security vendors and researchers beginning to share insights and data. Consortiums such as the Cyber Threat Alliance and sites such as VirusTotal are leading the way. The Information Sharing and Analysis Organization (ISAO), established as part of a US presidential order in 2015, is developing voluntary standards for private and public data sharing.

But more sharing must happen. Attacks are occurring at a phenomenal rate. Malware alone is out of control, with about 44,000 new unique samples being discovered every day. Security organizations must leverage each other’s information in order to better predict, prevent, detect, and respond to threats their customers and organizations face. 

The battle that should be fought is not between security vendors, but rather between the threats and collective defensive organizations that stand between these threats and their victims. We must work together to stem the tide of cyberattacks. Public sentiment is important. If we desire our technology to be safe, we must send a clear message to our security vendors: Share threat data or we will patronize a different supplier of security products and services. We have a voice and a vote (with our wallets). 

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and to learn about what is going on in cybersecurity.

Matthew Rosenquist is a cybersecurity strategist who actively advises global businesses, academia, and governments to identify emerging risks and opportunities. Formerly the cybersecurity strategist for Intel Corp., he benefits from 30 years in the security field. He ...
Comments
jcavery,
User Rank: Moderator
9/28/2016 | 2:33:10 PM
Dare to Share
There is a key difference between the good guys sharing intelligence and the bad guys sharing it. The bad guys tend to share it in underground forums, only among each other, and if they aren't doing that, they're keeping it for themselves or selling it for money. The good guys (and media) tend to blast every vulnerability on the front page for some reason. Yes, it's important to share the intelligence, but not like that, not publicly. Once it gets shared publicly, it's more of a race to see who can exploit it before they fix it, instead of an umbrella announcement to everyone. The good guys should become more efficient at tactfully informing companies.

I have made money from bug bounties just by browsing the latest "good guy" public vulns, why is that? Wasn't the logic supposed to be that the more public the announcement, the more fixes will happen? Sometimes a company is actually safer before those public announcements are made than the days following it. There might only be 1 or 2 hackers aware of a vuln (but not able to exploit it yet) whereas after the "share", you now have 1,000 hackers looking at it, with hundreds able to exploit it. Great article, great topic, just need to drill down more details on how to execute this whole sharing thing.