Sharing Cybersecurity Threat Intelligence Is the Only Way We Win

threat-intel-sharing

Cybersecurity is a team sport. The bad guys share information, expertise, and code as they help one another. The good guys must do the same to keep pace. Sharing threat intelligence is a key aspect in which the knowledge gained by the owners of sensor networks can share data with the security analysis community.  This generosity provides the necessary breadth of data to understand trends, new infections, how botnets are communicating, whether directed targeting is occurring, and even if different attackers are collaborating.

Sadly, sharing is not the norm. Many security companies look at this data as a competitive advantage to sell their products and services. They keep it to themselves in hopes they can find a nugget and market it as a way to win new customers. But the cost of this approach is losing the bigger picture of overall effectiveness.

This attitude is slowly changing. Some security firms are stepping up and sharing more and more data, redacted from personal information and containing only attack characteristics. The combined aspects are like pieces of a massive puzzle that analysts can examine for trends. These puzzle pieces are hugely important to everyone.

I am glad to see major security vendors and researchers beginning to share insights and data. Consortiums such as the Cyber Threat Alliance and sites like VirusTotal lead the way.
cyber-threat-allianceThe Information Sharing and Analysis Organization (ISAO), established as part of a US presidential order in 2015, is developing voluntary standards for private and public data sharing.

But we need more sharing! Attacks are occurring at a phenomenal rate. Malware alone is out of control, with about 44,000 unique samples discovered every day. Security organizations must leverage each other’s information to better predict, prevent, detect, and respond to threats that their customers and organizations face.

The battle that should be fought is not between security vendors, but rather between the threats and collective defensive organizations which stand between attackers and their victims. We must work together to stem the tide of cyberattacks. Public sentiment is very important. If we want our technology to be safe, we must send a clear message to our security vendors. Share threat data or we will patronize a different supplier of security products and services. We have a voice and a vote (with our wallets).

 

Interested in more?  Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

My original post of this blog can be found on DarkReading.