Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/28/2015
10:30 AM
Peter Zavlaris
Peter Zavlaris
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

The Rise Of Community-Based Information Security

The more vendors, service providers, and companies' band together to fight security threats, the more difficult it will become for attacks to succeed.

Security has evolved into a game of detection and response, and the greatest weapon in this new world order is timely threat intelligence sharing. This is true primarily because details about an attack campaign provided by a peer organization can accelerate the response time to threats and limit their damage.

The good news is that there is growing support for threat intelligence sharing. In March of 2015, Andrew H. Tannenbaum, Cybersecurity Counsel for IBM, submitted testimony in support of threat information sharing before the US House of Representatives Permanent Select Committee on Intelligence. He argued that:

  • Cyber threats have become too diverse and too dynamic to completely eliminate cyber risk;
  • Businesses need to identify potential risks in their IT systems, prioritize them, and allocate security resources accordingly;
  • Cybersecurity is now a data analytics challenge.

In his testimony, Tannenbaum explained that the explosion in technology, data, and access “has created a sea of new risks and hidden vulnerabilities for hackers to exploit. The velocity and volume of this threat requires a comprehensive, risk-based approach to cybersecurity,” he said, adding that “in order to stay ahead of the attackers, companies need timely and actionable information about specific threats to their infrastructure.”

“Malicious actors,” he said, “can move through networks at light speed, so information about the attack needs to be available to potential victims in as close to real time as possible.”

 

Other calls to action

The NIST Guide to Cyber Threat Information Sharing also recently pointed to the need for organizations to enhance incident response actions and bolster cyber defenses, by harnessing “the collective wisdom of peer organizations through information sharing and coordinated incident response." Even President Obama espoused the benefits of information sharing at his summit on Cyber Security in Palo Alto. During the summit, Obama announced his executive order directing the creation of new Information Sharing and Analysis Organizations (ISAOs).

According to the 2015 Verizon Data Breach Investigations Report, using shared intelligence for "herd alertness" -- just as animals on the plains share warnings when predators are near -- requires speed to be effective. That is because 75 percent of attacks spread from Victim 0 to Victim 1 in 24 hours while 40 percent hit the second victim organization in less than an hour!

One recent industry initiative designed to accelerate the exchange of threat intelligence is Facebook ThreatExchange. According to Facebook, there are currently more than 170 ThreatExchange members contributing attack information to this community, among them, RiskIQ, and other security vendors, plus cloud and social media companies the likes of Pinterest, Dropbox, Tumblr, and Yahoo.  ThreatExchange allows security researchers to team up with peers they know and trust, to share information and perform threat analysis. The intelligence shared by members of ThreatExchange connects attacks to attack infrastructure and enables organizations to combat threats like malvertising, ransomware, and other criminal-based attacks that routinely penetrate perimeter controls and scale beyond traditional defensive measures.

The more companies share threat information, the easier it becomes to detect and respond to threats. Whether it’s private sharing of attack campaigns, long-form reports on threat actors, or just public lists of indicators -- sharing should occur without friction. The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.

Peter Zavlaris is one of the primary analysts and contributors to the RiskIQ blog, which provides weekly insights on the latest threats and attacks that target companies outside the firewall and put customers at risk. He has held various customer satisfaction positions with ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PZav
100%
0%
PZav,
User Rank: Author
1/4/2016 | 5:19:44 PM
Re: Challenges
I do see that as a signficant challenge, really good question. I think other sharing platforms struggle because of it. The vision for ThreatExchange is to connect peers with previously established relationships. There will be a higher level of trust. Of course what gets shared will be at the discretion of each particpant. We will have to observe as ThreatExchange gains popularity, whether enough data is being shared openly to provide value. 
sashankdvk
100%
0%
sashankdvk,
User Rank: Apprentice
12/28/2015 | 10:43:07 PM
Challenges
Do you see any challenges for enabling participants in threat intel sharing ? like any privacy issues ? or any other things?  because most of the the threat intel (like URL's etc.) might have sensitive PII in it 
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10759
PUBLISHED: 2019-10-15
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-10760
PUBLISHED: 2019-10-15
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-17397
PUBLISHED: 2019-10-15
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-12944
PUBLISHED: 2019-10-15
Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.
CVE-2019-17195
PUBLISHED: 2019-10-15
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.