The time has come for the global cyber security community to combine forces and take the fight to cyber criminals. It’s no secret that hackers have been sharing information for a long time, says Doros Hadjizenonos, country manager of Check Point South Africa. Greater collaboration between industry stakeholders is needed if we are going to win this battle.
As the range, scope and nature of cyber threats have increased, so the potential consequences of an attack have become greater. In fact, global ransomware attacks doubled during the second half of 2016, according to Check Point’s Global Threat Intelligence Trends Report. Ransomware attacks are not only destructive but a financial problem too, as we find that many customers are going the route of paying the ransom, desperate to get their data back.
Under the circumstances, it has become critical for security vendors to be able to predict when and how a company will be attacked, giving us a crucial advantage in developing a defense against these threats. But the reality is that no entity on its own can know and understand every single threat that exists globally.
Historically, the most significant challenge to effective collaboration around information sharing has been the difficulty of creating a unified platform from which to share knowledge. Should any of the large security vendors perceive a threat somewhere in the world, we need to be able to take that data and quickly develop protection for our customers. But unless the data we are receiving is consistent, this can be very difficult and time-consuming.
A new era of industry collaboration
The good news, however, is that the Cyber Threat Alliance (CTA) has recently developed a new intelligence sharing platform that automates intelligence sharing in near-real time.
The new threat sharing platform is highly sophisticated. It analyses and validates shared input to ensure that the output it produces is excellent and useful intelligence. This means that once members get input we can very quickly generate protection for our technology, and in so doing, protect our clients.
To ensure that quality data is being shared rather than just quantity, all members of the alliance must remain in good standing to receive threat intelligence from the CTA. To maintain good standing, they must submit a minimum value of cyber security information each business day and will be assigned an ongoing value rating based on the information shared.
All submitted intelligence is evaluated by a value-based algorithm. The algorithm assigns points to every vendor submission, correlates it with other intelligence for mutual validation, and adds or subtracts points based on correlation or contradiction by other members. The value of the data submitted by a vendor then determines how much data the vendor can receive in return. All of this is overseen by a governing body.
This new initiative truly marks a new era of industry collaboration for the greater good. Through the sharing of threat intelligence, service providers are able to drive better protection for all member customers.
Rallying to the call
A new information sharing platform is just the beginning of the global industry’s push back. The CTA now has six founding members, amongst which are major cyber security vendors: Check Point, Cisco, Fortinet, Intel Security, Palo Alto Networks and Symantec.
What’s more, in a critical move to formalise its operating structure, the Alliance established itself as a not-for-profit in January with dedicated funding from its founding members. Another important change for the new Alliance is the appointment of its first President, former White House Security Leader Michael Daniel, as this will also help to streamline operations.
Greater security for our global community of clients is ultimately at the heart of the CTA’s purpose. Its aim is to improve its products by gaining verifiable, actionable, near-real time indicators of compromise from the CTA’s intelligence marketplace. This in turn makes customers more secure.
The CTA has already achieved considerable progress in cracking down on cybercrime and will continue to go from strength to strength. Through the Alliance’s co-operative efforts, it cracked the code on CryptoWall version 3, one of the most lucrative ransomware families in the world, totaling more than US$325 million ransomed.
In response, cyber criminals developed CryptoWall version 4, but the CTA uncovered this as well, mitigating the strength of the attack.
Moving beyond intelligence
While historically most security vendors have preferred to keep their cards close to their chest when it comes to information sharing, naysayers need to realise that collaboration is not a threat to a vendor’s ability to compete effectively.
Competitive advantage is not just about locating threats, but rather also about how we protect against those threats. You can have access to all the threat information available, but unless you have the technology to mitigate those threats, you’ll be dead in the water. Ultimately, it’s our technology that differentiates us.
Growing global collaboration
As we move forward, we need to investigate ways in which we can extend the wins achieved by the CTA.
Locally, we are seeing companies wanting to collaborate with other similar companies in the same industry to share information and experiences on security threats and compromises. The ultimate aim is to improve their security posture and provide a united front against cybercrime.
As security vendors, we need to look at coordinating initiatives like these amongst our clients and put them in touch with one another to share information in much the same way.
The more information we share with one another, the closer we’ll come to winning the war.