SecurityWeek

Management & Strategy

Combating Emerging Threats Through Security Collaboration

It’s no surprise to anyone practicing security today that the threat landscape has grown increasingly complex. Modern attacks weave together exploits, malware, applications and evasions into long, ongoing attacks that can last days, months or even years. To respond, security teams have begun to take a more integrated overall approach to threat prevention in which multiple technologies work together and are evaluated in context of the user and application.


Threat Sharing and Collaboration

For example, a modern IPS looking for exploits needs to know the application and protocols of the traffic it analyzes in order to see and stop the appropriate threats. Similarly, malware and advanced attacks are often found by correlating anomalous behaviors in the network such as the presence of unknown or customized traffic, unusual download behavior, and the use of common evasive tactics, such as using dynamic DNS. This intuitively makes sense because if we are combating a more coordinated, multi-vectored attack, then it stands to reason that we will need coordinated, multi-disciplined defenses.
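The correlation the paragraph describes, as an added illustration that is not part of the original column: several weak signals (a flow whose application could not be identified, a query to a dynamic-DNS name, an executable download) are individually noisy, so the example only flags a host once it shows two or more distinct categories. The event layout, the dynamic-DNS suffix list and all sample values are constructed for this demo and are not any product's rule set.

```python
"""Per-host correlation of weak network signals (added illustrative example).

All events, suffixes and thresholds below are constructed; the field names
are assumptions about what a protocol-aware sensor might emit.
"""
from collections import defaultdict

# Constructed: suffixes standing in for dynamic-DNS providers (not real domains).
DYNAMIC_DNS_SUFFIXES = ("dyndns-example.test", "no-ip-example.test")

# Constructed: content types a proxy would label as executable downloads.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}

# Constructed sample events after application identification.
SAMPLE_EVENTS = [
    {"host": "10.0.0.12", "kind": "flow", "app": "unknown", "port": 443, "bytes_out": 52000},
    {"host": "10.0.0.12", "kind": "dns", "qname": "update.host7.dyndns-example.test"},
    {"host": "10.0.0.12", "kind": "http", "content_type": "application/x-msdownload", "uri": "/a.exe"},
    {"host": "10.0.0.30", "kind": "flow", "app": "ssl", "port": 443, "bytes_out": 1200},
    {"host": "10.0.0.30", "kind": "dns", "qname": "www.example.com"},
    {"host": "10.0.0.45", "kind": "dns", "qname": "cdn.no-ip-example.test"},
]


def signals_for(event):
    """Return the set of weak-signal categories a single event contributes."""
    found = set()
    if event["kind"] == "flow" and event.get("app") == "unknown":
        found.add("unknown_protocol")          # traffic the sensor could not classify
    if event["kind"] == "dns" and event["qname"].endswith(DYNAMIC_DNS_SUFFIXES):
        found.add("dynamic_dns")               # evasive infrastructure choice
    if event["kind"] == "http" and event.get("content_type") in EXECUTABLE_TYPES:
        found.add("executable_download")       # unusual download behavior
    return found


def correlate(events, min_distinct=2):
    """Group signals by host and flag hosts hitting at least `min_distinct` categories.

    A single category on its own (host 10.0.0.45 below) is not enough to flag.
    """
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= signals_for(ev)
    return {h: sorted(s) for h, s in per_host.items() if len(s) >= min_distinct}


if __name__ == "__main__":
    for host, sigs in correlate(SAMPLE_EVENTS).items():
        print(host, sigs)
```

The threshold on distinct categories, rather than on a raw count of events, is the design point: one host generating many unknown-protocol flows still scores as a single category, while one flow plus one dynamic-DNS lookup plus one executable download is the multi-vector pattern the text is describing.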

Collaboration Through Sharing of Threat Data

However, even this perspective is limited to the information that we can observe on our own individual networks. As the threat landscape continues to grow more daunting, it will become increasingly important that security teams find a safe way to share data concerning threats across organizational boundaries. In much the same way that we can benefit from correlating across information in our own security silos, we can also benefit from what other security teams are seeing in the wild. Of course, a certain level of this sharing already happens in the industry in specific areas such as sharing of virus information at services such as Virus Total.

This is a good step in the right direction, but it provides insight into just a single piece of an attack. We gain a different perspective entirely if we can begin to understand the process of the attack. For example, was there a phishing component? How was the user targeted, and over what applications? What systems or applications were targeted or exploited? What sorts of malware were used, and where had they been seen before? How was the attack ultimately detected? Of course, all of this information is not always known, but even in incomplete form it can provide a much more realistic view of the attack strategies we are all likely to face.

Challenges, Not Road Blocks

Of course there are challenges to be addressed. Anonymity will be required to ensure that organizations can share information safely. A trusted third party will likely need to be established where information can be safely shared and normalized. This will likely need to include both government and industry resources, which will not be without its challenges. However, even with these obstacles the long-term value to all industries is hard to overlook.
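Taken together, the two preceding sections ask for attack-process records (phishing component, targeted application, exploited system, malware, detection method) that can be handed to a trusted third party in normalized form without identifying the submitting organization. The following added example, which is not part of the original column and not a real sharing standard, maps a free-form incident onto a fixed schema, strips organization identifiers, replaces internal hosts with keyed pseudonyms so one submitter's repeat reports still line up, and shows the aggregate view the third party gains. The schema field names, the key and every sample value are constructed.

```python
"""Normalize and pseudonymize an incident record before sharing (added example).

Schema, key and all sample values are constructed for illustration.
"""
import hashlib
import hmac
import ipaddress
import re
from collections import Counter

# Constructed: per-submitter key held only by the submitter (assumption for the demo).
SHARING_KEY = b"constructed-demo-key"

# Constructed raw incident as one organization's team might record it.
RAW_INCIDENT = {
    "org": "Acme Widgets",
    "reported_by": "jdoe",
    "phishing": {"sender_domain": "mail-example.test", "lure": "invoice"},
    "targeted_app": "web mail",
    "exploited_system": "10.20.30.40",
    "malware_sha256": "0" * 64,   # placeholder, not a real sample hash
    "detected_by": "unusual outbound download",
    "notes": "user jdoe at 10.20.30.40 opened attachment",
}

# Fields that identify the submitter and never leave the organization.
INTERNAL_FIELDS = ("org", "reported_by")


def normalize(raw):
    """Map a free-form record onto the shared schema; stages not known stay None."""
    phish = raw.get("phishing") or {}
    return {
        "phishing_sender_domain": phish.get("sender_domain"),
        "phishing_lure": phish.get("lure"),
        "targeted_application": raw.get("targeted_app"),
        "exploited_system": raw.get("exploited_system"),
        "malware_sha256": raw.get("malware_sha256"),
        "detection_method": raw.get("detected_by"),
        "notes": raw.get("notes", ""),
        "org": raw.get("org"),
        "reported_by": raw.get("reported_by"),
    }


def pseudonym(value, key):
    """Keyed hash: stable per submitter, but not reversible by the third party."""
    return "h:" + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def _is_private_ip(text):
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def anonymize(record, key):
    """Drop submitter identity and scrub internal hosts/usernames from shared fields."""
    out = {k: v for k, v in record.items() if k not in INTERNAL_FIELDS}
    if out.get("exploited_system") and _is_private_ip(out["exploited_system"]):
        out["exploited_system"] = pseudonym(out["exploited_system"], key)
    # Private IPs inside free text get the same pseudonym as structured fields;
    # public addresses (possible attacker infrastructure) are left intact.
    notes = re.sub(
        r"\b(?:\d{1,3}\.){3}\d{1,3}\b",
        lambda m: pseudonym(m.group(0), key) if _is_private_ip(m.group(0)) else m.group(0),
        out.get("notes", ""),
    )
    if record.get("reported_by"):
        notes = notes.replace(record["reported_by"], "[user]")
    out["notes"] = notes
    return out


def share(raw, key):
    """Full pipeline a submitter runs before sending a record to the third party."""
    return anonymize(normalize(raw), key)


def indicators_seen_by(shared_records):
    """Third-party view: how many submissions reported each malware hash."""
    return Counter(r["malware_sha256"] for r in shared_records if r.get("malware_sha256"))


if __name__ == "__main__":
    print(share(RAW_INCIDENT, SHARING_KEY))
```

The keyed pseudonym is what lets the third party correlate two reports from the same submitter about the same internal host without learning the address, while a different submitter's key maps the same 10.x address to an unrelated token, which is the property the anonymity requirement in the text calls for.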

Collaboration as a Competitive Advantage

I would also argue that collaboration is one of the fundamental advantages that white-hats enjoy over the black-hats. It’s important to remember that attackers are largely competitive with one another. While obviously attackers learn techniques by observing what works in successful attacks, the concept of sharing and collaboration is very rare. Sharing of information between attackers is typically limited to hacktivism groups. On the other hand, organized crime and nation-state attackers are heavily incented to keep their techniques secret. Almost by definition these criminal “for profit” organizations are prevented from sharing information in order to maintain their advantage. As enterprise security teams, we are obviously in a much better position to collaborate. Even in the case where two companies compete with one another, their security teams share the same goal and face the same threat landscape.


If security teams, both industry and government, can commit to improved collaboration, it will give them the ability to better track emerging infections and stay ahead of new malware techniques.
