In the case of cybersecurity, we are better protected when we work together, that is, when we share intelligence to make sure we know about the latest and greatest threats that our competitors and colleagues have faced.
You hear about major cyber attacks every day, so millions of people, not to mention organizations more generally, would likely benefit from stronger information-sharing mechanisms. If we need an example of this in the real world, we need only look to the banking community where there is a weekly conference call. On a regular basis, major bankers get on a call with one another and talk about market conditions. This is a great example of how powerful it is to share – a case of strength in numbers. Programs that do security well should alert other users when they are attacked, for in the security industry, it is not simply about relying on the advice of one great expert but rather appealing to the expertise of thousands of security practitioners.
Today’s modern threat environment demands a new approach to threat intelligence – towards open and collaborative threat sharing. In the information security community, threat information by itself has no value, just importance. That is a crucial distinction from other industries. The common enemies we face are more profound than the differences we have; threats are evolving and changing so quickly that no one person has the ability to keep up with it all. It is precisely because our adversaries are hyper-coordinated that today’s era of relentless attacks and morphing threats demands that we rise together or fall together. By working together and sharing information we can expand the reach of our threat data to enable more businesses and organisations to defend their networks against these threats.
In collaborating on threat data in the infosec community, there are three things we can do. First, we can identify who is attacking us, so that if there is an attack on one of us, we all know. This is one of the biggest ways that threat sharing can benefit the entire group. To take this a step further, individuals can share accounts of how they were attacked and what means they used to discover that they were attacked in the first place. Finally, we should share what we did to resolve whatever problems arose through tools, etc.
Good security measures should be within the reach of all enterprises, yet small- to mid-market enterprises often cannot afford the tools and threat intelligence information that are available to large enterprises and federal governments. Fortunately, AlienVault’s Open Threat Exchange (OTX) enables security professionals and researchers around the world to share threat information with the goal of unifying our efforts to combat the ever-increasing malicious threats that plague organisations and their networks today. We are all playing on the same team against cybercriminals, and that gives us the best chance at defeating them.
Roger Thornton, CTO of AlienVault
About AlienVault
AlienVault Labs conducts security research on global threats and vulnerabilities. The team of security experts, led by renowned Labs director, Jaime Blasco, constantly monitors, analyzes, reverse engineers, and reports on sophisticated zero-day threats including malware, botnets, phishing campaigns and more.
Using an ever-expanding array of manual and automated techniques, AlienVault Labs researchers ensure that AlienVault’s Unified Security Management™ platform is always up-to-date with the latest threat intelligence. In addition, the Labs also runs AlienVault’s Open Threat Exchange™ (OTX), an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,000 contributors from over 140 countries.
The discoveries of the AlienVault Labs researchers are shared regularly on their blog, and you’ll see them quoted in the news often!