Network and systems security issues? Everyone has been exposed and, as counter-intuitive as it might seem, the best protection may be sharing what you know about your own vulnerabilities and the threats you face.
Last week, IBM announced the release of a massive information-sharing tool that at least one security expert is comparing to a public health vaccine program.
IBM X-Force Exchange (XFE) is a threat intelligence (TI) sharing platform that gives users access to IBM’s huge library of security threats, vulnerabilities and attacks. IBM says “the platform can add up to 1,000 malicious indicators every hour. This data includes real-time information which is critical to the battle against cybercrime.”
The 411 on Threat Intelligence
Threat intelligence (TI), the sharing of knowledge about malware, data dumping, viruses and other malicious computer system vulnerabilities, has been getting more attention in the security community.
“In the past few years, threat intelligence has started to mature from a marketplace and security user perspective in terms of how to best gather, organize, share and identify sources of threat intelligence,” wrote Doran Shiloach in IBM’s Security Intelligence Blog. “Sharing is one of the most exciting aspects of threat intelligence, as companies recognize that collaboration is important, and standards emerge to make it easier and faster to share information.”
Security experts using the tool can interact with IBM’s security analysts, researchers and their own peers in the industry to neutralize threats as they happen. Access to the tool is open. Users only need to register with their names and email addresses.
That isn’t a problem, say experts. It’s the size of the X-Force Exchange library, combined with the visibility that IBM provides, that makes the development of the tool unique.
“To make TI work you need massive visibility, very widely distributed,” says Martin Loeffler, Senior Information Security Consultant – Bandwidth Power and Light Inc. “Think about the flu prevention model – if you knew what the emergency rooms and community health nurses across Ontario, Canada, or the world were seeing on a minute-by-minute basis, you’d have a very good idea of what viruses are becoming dominant.”
But doesn’t access to open source intelligence make it easier for hackers to create new threats in real time as quickly as it allows B2B enterprises to neutralize them?
“Similar threat information sharing endeavours place a great deal of emphasis on who they let ‘through the door’,” notes Loeffler. “That said, hackers don’t really need to infiltrate this sort of service. They know when they’ve been spotted and locked out and, if they’re any good, will be one or more steps ahead already. The true value of threat intelligence is in alerting those who haven’t been attacked yet that something is coming. Think of it as a flu prevention program – based on data in the field, you make your best guess about what you need to defend against and you hope you guess right; it’s very much a statistical thing.”
Statistics remain frightening in the realm of threat intelligence. According to IBM’s press release, “Eighty percent of cyber attacks are driven by highly organized crime rings in which data, tools and expertise are widely shared.”
Expertise on Demand for B2B Enterprises
Tools like the IBM X-Force Exchange enable B2B enterprises to leverage expertise that they may not have available in-house.
The demand for security expertise is high, while finding in-house expertise is difficult. According to a study conducted by ISACA, an international security professional organization, and RSA Conferences, a major security conference, 82 percent of organizations expect a cyber attack, but 35 percent of them cannot fill all open positions in the security field.
Access to expertise may not be the only issue facing B2B enterprises in their fight against cybercrime. Loeffler says that security professionals themselves need to make sure they are communicating with management effectively and ensuring that they are allotted the right resources over the right amount of time.
“This is a very learning-heavy exercise, and the payoff will be that nothing bad happens, so the value of a potentially large investment won’t be obvious,” he says. “Again, it’s like a flu program: ‘Why do I keep getting flu shots – I never get sick!’ If a company is committed to TI in the long-term, the investment needs to be defensible.”