Threat Intelligence Sharing Deals With Cybersecurity

Uploaded on 2016-07-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In the ever-shifting landscape of cyber-threats and attacks, having access to timely information and intelligence is vital and can make a big difference in protecting organizations and firms against data breaches and security incidents.

Malicious actors are getting organized, growing smarter and becoming more sophisticated, which effectively makes traditional defense methods and tools significantly less effective in dealing with new threats constantly appearing on the horizon.

One solution to this seemingly unsolvable problem is the sharing of threat intelligence in order to raise awareness and sound the alarm about new attacks and data breaches as they happen. This way we can avoid major security incidents from recurring and prevent emerging threats from claiming more victims.

Threat intelligence sharing has risen in prominence, giving birth to initiatives such as the Cyber Threat Alliance, a conglomeration of security solution vendors and researchers that have joined forces to collectively share information and protect their customers. We’ve also seen government-led efforts, such as the Cybersecurity Information Sharing Act (CISA), which is meant to ease the way for businesses to join the threat information sharing movement.

The evolution of cyber-threat intelligence sharing is culminating in the development of platforms and standards that help organizations gather, organize, share and identify sources of threat intelligence. Cyber-threat intelligence is also shortening the useful lives of attacks and is putting a heavier burden on attackers who want to stay in business.

There’s still a long way to go, but the inroads made are already showing promising signs. 

Dealing with constant changes in the threat landscape

Information gleaned from internal networks and virus definition repositories can serve as sources of threat intelligence, but much more needs to be done to deal with the constant stream of malicious IPs and domains, hacked and hijacked websites, infected files and phishing campaigns that are being spotted on the Internet.

“Today’s cyber threat landscape is polymorphic in nature — constantly changing and making it nearly impossible to detect with traditional security approaches,” says Grayson Milbourne, Security Intelligence Director at cybersecurity firm Webroot. The company’s 2016 Threat Brief has found that 97 percent of 2015’s malware have been seen on a single endpoint, and more than 100,000 new malicious IP addresses are launched every day.

“Given the evolution of malicious code and constantly changing environments, it’s critical that security controls adapt quickly and dependably,” Milbourne says, and he underlines the need to stay ahead of current threats and be able to predict future attacks, which can be achieved through the use of a collective threat intelligence ecosystem.

Many tech firms are now offering security solutions founded on the cyber-threat intelligence sharing concept. Webroot’s own proprietary intelligence sharing platform, BrightCloud, gleans threat intelligence from endpoints and combines it with input from security vendors to provide valuable real-time insights into threats and greater visibility into the behavior of an attack.

Threat intelligence sharing should become an essential aspect of any organisation’s security program.

The threat intelligence sharing trend has led other leaders in the tech industry to adopt similar initiatives. Last year, IBM declared its own threat intelligence sharing initiative, X-Force Exchange, a cloud-based platform that extends the tech giant’s decades-old security efforts and allows the clients to share their own intelligence in order to accelerate the formation of the networks and relationships needed to fight hackers.

“This community-based approach enables security teams to associate and uniquely protect one another from threats in real-time,” Milbourne explains. “As soon as a threat is detected on one endpoint, all other endpoints using the platform are immediately protected through this collective approach to threat intelligence.”

Overcoming the challenges of threat intelligence sharing

Threat intelligence sharing comes with its own caveats and presents a few challenges. “In many cases,” says Jens Monrad, Consulting System Engineer at cybersecurity firm FireEye, “organizations end up with a lot of data, sometimes just raw, unevaluated data, which end up adding an extra burden to their security team, increasing the number of events and alerts rather than decreasing it.”

Collaboration between industry peers can help improve the relevance and quality of the shared intelligence, because threats and attacks are often targeted at specific sectors such as finance, banking or retail. This way, industry leaders can better understand the threat landscape and gain insights into practices deployed by others in the industry to better safeguard their own organizations.

Instances of industry-level threat sharing efforts include the recent launch of a portal for ICS/SCADA threat sharing among nations, which took place in the aftermath of the unprecedented cyber-attack against Ukraine’s power grid.

FireEye has implemented this model with its Advanced Threat Intelligence Plus platform, which enables clients to develop threat sharing communities with trusted partners. The cybersecurity firm recently partnered with Visa to develop a joint threat intelligence initiative for Visa’s customers, which focuses on cyber-threats toward Visa and its customers.

Business, privacy and legal concerns are also proving to be barricades in efforts to share threat information. As Scott Simkin, Senior Threat Intelligence Manager at Palo Alto Networks points out in an op-ed, security vendors have been previously loath to share information to avoid losing the competitive edge, private companies fear inadvertently sharing sensitive customer information and government agencies have strict controls on the information they share.


Some of these issues can be dealt with through the use of standards, such as STIX, TAXII and CyBox, a set of free, available specifications that have standardized threat information and help with the automated exchange of indicators of compromise (IOC) and other relevant data without leaking personally identifiable information (PII).

The CISA legislation has also helped overcome challenges by lifting some of the liabilities firms and organizations would otherwise be exposed to if they shared data about security incidents.

As for the business side of things, the sheer number of new threats that are being identified on a daily basis is slowly convincing vendors that sharing threat intelligence may prove to be the only way they can protect their interests.

Beyond threat intelligence sharing

The evolution of the cyber-threat landscape has reached a point where it is beyond any individual or organization to defend themselves and their interests against the ever-shifting array of threats. “It is only a matter of when they will become victims of cyber-attacks — not if,” says Chris Doggett, SVP of Global Sales at Carbonite.

This issue can only be addressed through a pooling of efforts that expands beyond the disciplines involved in dealing with cyber threats, Doggett suggests, which should include “sharing cyber threat intelligence, collaborating to minimize vulnerabilities, gaining consensus on global standards for acceptable conduct in cyberspace, and international cooperation to enforce local laws and international standards.”

This is an approach that has been recently put to test in fighting the rising threat of ransomware, which has been growing at an explosive rate and is causing millions of dollars in damage to victims. A collective effort is being led between government agencies, cybersecurity firms and law enforcement to provide effective protection from ransomware, offer recovery solutions and disarm and apprehend the criminals behind the attacks.

On the protection level, tech companies are constantly sharing information about ransomware attacks to better understand how to avoid it and improve the efficacy of security and anti-malware tools. In tandem, efforts are being led to improve data protection and recovery solutions, such as cloud backups and data integrity tools, and security firms are working on solutions to crack the encryption algorithms of specific types of ransomware and disarm them for good.

Security researchers are also collaborating with regional and national law enforcement agencies to track and arrest the cybercriminals involved. An example of such efforts is Kaspersky Lab’s cooperation with the Netherlands Tech Crime Unit to apprehend the individuals behind the CoinVault and BitCryptor campaigns.

Carbonite is working to develop its own proprietary tools to help track malware attacks and respond to them faster and more effectively. “Based on the data we have gleaned, research, and the information sharing with others in this space,” says Doggett “we are now in a position to participate actively from a thought leadership perspective and do our part to arm all users and organizations with knowledge and tools which we believe will allow them to avoid becoming victims of ransomware attacks in the future.”

Sharing is caring

Cybercriminals have been sharing knowledge, tools and experience for a long time, which has lent to their success in staging major data breaches over the past months and years. It’s long past time that the tech community follows suit and teams up to improve general security and mitigate threats to individuals and organizations.

Threat intelligence sharing is already helping detect threats in real time and protect users from malicious encounters. It should become an essential aspect of any organization’s security program if we are to deal with the threats of the future.

TechCrunch

« The Nation State Hack-Attack
Ukrainian Hacker Pleads Guilty to US Insider Trading Charges »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

PartnerRe

PartnerRe

PartnerRe provides multi-line reinsurance to insurance companies on a worldwide basis. Services include Cyber Risk.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Pentest People

Pentest People

Pentest People are a UK-based security consultancy focussing on bringing the benefits of Pentesting as a Service (PTaaS) to all its clients.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

AUREA Technology

AUREA Technology

The photon counter SPD_OEM_NIR from AUREA Technology is designed for quantum key distribution at telecom wavelengths.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

Prime Technology Services

Prime Technology Services

Prime Tech are a group of Red Hat, Microsoft & Cisco Certified IT Professionals with an impressive track record of consistently delivering value to our corporate clients.

Harbottle & Lewis

Harbottle & Lewis

Harbottle & Lewis is a leading UK-based law firm focused on the Private Client and Technology, Media and Entertainment sectors.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Argenta Talent Acquisition

Argenta Talent Acquisition

Argenta Talent Acquisition is a recruitment partner specializing in Space and Defense, Intelligence Community, all things Technical, Cyber, and Logistics.

Dialog Enterprise

Dialog Enterprise

Dialog Enterprise is the corporate ICT solutions arm of Dialog Axiata, Sri Lanka’s leading connectivity provider.

Rakuten Maritime

Rakuten Maritime

Rakuten Maritime is your trusted partner in maritime cybersecurity, offering comprehensive and proactive solutions tailored to every stage of a ship’s life cycle.

Bytium

Bytium

Bytium provides top-tier IT services and solutions designed to empower everyone, from individuals to global corporations. Specializing in cybersecurity and proactive IT management.