Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/28/2015
10:30 AM
Peter Zavlaris
Peter Zavlaris
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

The Rise Of Community-Based Information Security

The more vendors, service providers, and companies' band together to fight security threats, the more difficult it will become for attacks to succeed.

Security has evolved into a game of detection and response, and the greatest weapon in this new world order is timely threat intelligence sharing. This is true primarily because details about an attack campaign provided by a peer organization can accelerate the response time to threats and limit their damage.

The good news is that there is growing support for threat intelligence sharing. In March of 2015, Andrew H. Tannenbaum, Cybersecurity Counsel for IBM, submitted testimony in support of threat information sharing before the US House of Representatives Permanent Select Committee on Intelligence. He argued that:

  • Cyber threats have become too diverse and too dynamic to completely eliminate cyber risk;
  • Businesses need to identify potential risks in their IT systems, prioritize them, and allocate security resources accordingly;
  • Cybersecurity is now a data analytics challenge.

In his testimony, Tannenbaum explained that the explosion in technology, data, and access “has created a sea of new risks and hidden vulnerabilities for hackers to exploit. The velocity and volume of this threat requires a comprehensive, risk-based approach to cybersecurity,” he said, adding that “in order to stay ahead of the attackers, companies need timely and actionable information about specific threats to their infrastructure.”

“Malicious actors,” he said, “can move through networks at light speed, so information about the attack needs to be available to potential victims in as close to real time as possible.”

 

Other calls to action

The NIST Guide to Cyber Threat Information Sharing also recently pointed to the need for organizations to enhance incident response actions and bolster cyber defenses, by harnessing “the collective wisdom of peer organizations through information sharing and coordinated incident response." Even President Obama espoused the benefits of information sharing at his summit on Cyber Security in Palo Alto. During the summit, Obama announced his executive order directing the creation of new Information Sharing and Analysis Organizations (ISAOs).

According to the 2015 Verizon Data Breach Investigations Report, using shared intelligence for "herd alertness" -- just as animals on the plains share warnings when predators are near -- requires speed to be effective. That is because 75 percent of attacks spread from Victim 0 to Victim 1 in 24 hours while 40 percent hit the second victim organization in less than an hour!

One recent industry initiative designed to accelerate the exchange of threat intelligence is Facebook ThreatExchange. According to Facebook, there are currently more than 170 ThreatExchange members contributing attack information to this community, among them, RiskIQ, and other security vendors, plus cloud and social media companies the likes of Pinterest, Dropbox, Tumblr, and Yahoo.  ThreatExchange allows security researchers to team up with peers they know and trust, to share information and perform threat analysis. The intelligence shared by members of ThreatExchange connects attacks to attack infrastructure and enables organizations to combat threats like malvertising, ransomware, and other criminal-based attacks that routinely penetrate perimeter controls and scale beyond traditional defensive measures.

The more companies share threat information, the easier it becomes to detect and respond to threats. Whether it’s private sharing of attack campaigns, long-form reports on threat actors, or just public lists of indicators -- sharing should occur without friction. The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.

Peter Zavlaris is one of the primary analysts and contributors to the RiskIQ blog, which provides weekly insights on the latest threats and attacks that target companies outside the firewall and put customers at risk. He has held various customer satisfaction positions with ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PZav
100%
0%
PZav,
User Rank: Author
1/4/2016 | 5:19:44 PM
Re: Challenges
I do see that as a signficant challenge, really good question. I think other sharing platforms struggle because of it. The vision for ThreatExchange is to connect peers with previously established relationships. There will be a higher level of trust. Of course what gets shared will be at the discretion of each particpant. We will have to observe as ThreatExchange gains popularity, whether enough data is being shared openly to provide value. 
sashankdvk
100%
0%
sashankdvk,
User Rank: Apprentice
12/28/2015 | 10:43:07 PM
Challenges
Do you see any challenges for enabling participants in threat intel sharing ? like any privacy issues ? or any other things?  because most of the the threat intel (like URL's etc.) might have sensitive PII in it 
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8103
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8104
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8105
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8106
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8058
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation coul...