The cyber security industry has historically shared samples, meaning each vendor completed their own analysis, created their own protection controls and wrote their own intelligence reports. However, the security industry, together with businesses, needs to be as effective as the criminals in sharing actionable intelligence to stop attacks.
So says Greg Day VP & CSO, EMEA at Palo Alto Networks, who will be presenting on ‘Crowd-sourcing to beat the bad guys' during the 2016 ITWeb Security Summit, to be held at Vodaworld in Midrand from 17 to 19 May.
Day adds that even when a cyber attack is discovered, typically only the current binary is blocked. "As a result, the costs for the criminal to return to business are typically low, as the underlying infrastructure behind the attacks remains in place. Imagine if both companies and the security industry collaborated around all the potential insight they had on an attacker, so they could be identified and the whole attack infrastructure, rather than just the latest binaries being used."He says for this to be effective, enough technologies would need to be able to automatically apply this to their prevention controls. "How do we get such insight?" he asks. "The answer is that we do this by gathering broader insight on each attack and collaborating on threat analysis. Seeing and correlating across companies, industries and regions can allow us to build the big picture of the attacker and then work together to map out the whole attack infrastructure and shut it down."
According to Day, if the entire attack can be seen, and analysis worked on collaboratively to shut down the whole campaign, the cost of success for criminals can be significantly increased, at no cost to the industry, other than its willingness to share information. "This challenges the perspective on cooperation: we must stop trying to place commercial value on intelligence, likewise companies that may previously have been embarrassed to share due to the resulting admission that they had come under attack, need to see the value."
Day says that although businesses have the insight on what is really happening to them, the industry needs to gather that insight and look at the big picture
Our comments policy does not allow anonymous postings. Read the policy here