As part of our expert panel question series, we have the following question for the month of March 2017 to our expert panel members.
Cyberattacks has no boundaries and hackers usually collaborate across boundaries, while law enforcement agencies not. How can we collaborate at global level to fight against these new type of attacks with no boundaries?
Experts Responses:
A.N. Ananth
CO-FOUNDER AND CEO, EventTracker
Examples of IOCs include:
- Behavior anomalies
- Process whitelists
- IP Internal whitelists
- Internal blacklists
- Honeynets (or internal lures)
- Contributions from your own security analysts, as well as analysts at customer sites
However, a challenge with these feeds is relevance to your local network. A superior and more targeted approach is to use a blend of global threat feeds along with community and local feeds. This collection is best maintained in a threat intelligence platform, which is designed for this purpose.
Knowing that some of these IOCs will be relevant to other defenders in your community, a standard way of sharing these is important. STIX/TAXII are industry efforts to standardize and encourage such sharing.
Machine-to-machine sharing is necessary, but person-to-person collaboration shouldn’t be forgotten. Experiences can be shared in forums such as White Hat, industry groups (ex. FSISAC, Educause), public/private partnerships (ex. InfraGard) and vendor-supported user groups.
Rebecca Herold – CIPM, CIPP/IT, CIPP/US, CISSP, CISM, CISA, FLMI
Co-Founder & President, SIMBUS; and Founder & CEO, The Privacy Professor
To date the organizations that have been most cooperative with regard to cybersecurity are those that have wide international membership that are not sponsored by governments, such as ISACA and (ISC)2. International standards organizations, such as ISO/IEC, IEEE and ACM, are also good sources of international cooperation. Such organizations already collaborate with multi-national members in their working groups to create a wide variety of other types of cyber security and privacy frameworks, standards, and other work products. This history of sharing and cooperation provides a strong basis from which to build an effective and valuable international cybercrime-fighting body of information security experts. These organizations already have experience in creating and implementing policies, procedures, standards and tools; such experience would be valuable in creating these same types of work products for fighting and responding to cross-boundary cyber attacks.
You can read our expert panel members biographies here.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.