Startup to Encourage Security Information Sharing Among CISOs
A new information sharing framework is in town, and the former CISO of eBay is at the helm.
Dave Cullinane, the former chief information security officer of eBay, is the CEO and co-founder of SecurityStarfish, a startup intent on providing CISOs with a central collection point for sharing cyber-attack details and receiving information about real-world attacks. Members will be able to use the information to make plans regarding the defenses in place and protect the organization from future attacks.
There really isn’t a good system in place currently to help organizations share information or learn from each other about various incidents, Cullinane told SecurityWeek. Most times, CISOs hear about various incidents at other organizations but never learn the details of what exactly happened, so they can’t use the lessons learned to avoid being hit by similar attacks, Cullinane said.
The primary objective is to “create actionable intelligence to give CISOs the information they need to effectively protect their organizations from cyber-attacks,” Cullinane said.
Global corporations need visibility as to what kinds of attacks are happening around the world, Cullinane said. There may be over a thousand pieces of malware being created each day, but only 100 of them may currently be used in attacks against a particular sector. That is actual information the CISO can use to prepare against real attacks, as opposed to “theoretical attacks” that may never actually materialize, Cullinane said.
Members need information that is actually relevant to the business in order to make budgetary decisions about what security measures to invest in and what areas to strengthen, Cullinane said.
SecurityStarfish will correlate attack data within industry verticals as well as across sectors to find similar threats, Cullinane said. If there is an attack that began among banks and one module was changed before education organizations were affected, and it continued to morph as it moved from sector to sector, that is a trend that would be visible and helpful to defenders to know about.
They will see that an attack went from sector to sector and modified itself with each move, and the defenders can recognize the patterns and take steps to stop it from moving to other areas, Cullinane said.
Organizations would be submitting anonymized data to SecurityStarfish, Cullinane said. When companies prepare their submissions, they can remove information and details they don’t want to disclose. SecurityStarfish will also scrub the data to ensure all identifying information has been removed, Cullinane said. These measures are important in order to establish SecurityStarfish as a “trusted entity,” he added. This was critical because otherwise, companies wouldn’t be comfortable providing information about the threats they are dealing with, Cullinane said.
“I don’t need to know what particular bank got hit with this attack. I just need to know that a financial institution was hit with this attack,” Cullinane said.
Data submitted to SecurityStarfish would be analyzed using a wide range of tools, including Hadoop, to understand and find correlations within the dataset. SecurityStarfish plans to look at threats across the board, whether they are malware-based attacks or network intrusion attempts, so long as they are relevant to the members.
There are quite a few information sharing frameworks nowadays, but Cullinane didn’t seem overly concerned about the crowded space.
Earlier this month, SecurityWeek highlighted “Titan”, a new malware intelligence system developed at Georgia Tech Research Institute designed to help organizations share threat intelligence and work together to understand attacks and collaborate on malware analysis and classification.
It’s “good that there are lots of people doing this,” Cullinane said, adding that SecurityStarfish would be different from many of them because it wouldn’t be facilitating information sharing with government agencies.
Cullinane envisions “starting small,” with perhaps about 50 members to begin with. The goal is to limit membership to CISOs and IT professionals in various verticals, such as healthcare, energy, and financial services. For the time being, security vendors are not invited to join, he said.
Joining Cullinane as a founder of the company is Gordon Shevlin, who serves as COO and executive vice president. Shevlin previously founded SiegeWorks, which was eventually acquired by FishNet Security, where he served as an executive vice president.