By: Paul Kraus, CEO, Eastwind Networks
When it comes to IT security, the unknowns pose the greatest threat. Luckily, many types of threats are very much on the cybersecurity radar. Institutions and organizations that pay attention and take advantage of available threat information sharing are more likely to succeed in keeping their networks secure from hackers and attacks. Unfortunately, threat sharing isn’t a common practice, and much of the available information isn’t the most complete or accurate. To discover potential threats, IT security teams need to dig deeper.
Threat information sharing – the sharing of threat intelligence – is an increasingly important method of thwarting hackers’ attack plans. But for many, compliance issues can seem like roadblocks to effective collaboration both pre- and post-intrusion. Openly communicating with others in information-sensitive industries presents legal obstacles, but navigating this landscape is increasingly worth the effort as the complex threat environment escalates.
The Power of Shared Information
Getting hacked can feel like failure, and sharing that information is a vulnerability not high on anyone’s to-do list. But as the black hats are increasingly out there sharing information about hacks, vulnerabilities and zero-day threats, it only makes sense that the people on the other side of the equation need to share as well. Unfortunately, mountains of paperwork and the need to notify customers of a breach turn most financial institutions off being open about any information security events. Then there are the PR troubles and lawyer fees for the potential lawsuits on top.
While the negatives of sharing information regarding a breach seem overwhelming, many industries do themselves no favors by holding to the old habit of silence. After network security and breach detection are in place, the best way to counter hackers is to learn from each other’s experience. In the world of IT security, shared beats scared every time. Here are three ways to engage with threat information sharing that will pay off for security and compliance.
Closed Communities
Many chatrooms and other discussion boards can provide advice and feedback for security issues, but for those who have been breached, a deeper layer of support is now available. A number of closed communities have developed for mutual support in dealing with the fallout of being hacked. Tightly controlled and monitored because of the legal repercussions of sharing such delicate information, these could be likened to 12-step support groups for hacking victims. Examples include the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the National Cyber-Forensics and Training Alliance (NCFTA). Corporate counsel has the final say in what is disclosed, but these groups can offer helpful advice and strategies for moving through the disclosure and compliance process.
The Threat Information Market
Every intrusion leaves a trace. Indicators of compromise (IoCs) like IP addresses linked to viruses, domain names associated with botnets and other out-of-the-ordinary network activity are precursors to an attack. While every network should have active breach detection in place, buying threat intel helps identify network traffic that falls outside the normal range.
A lot of free information can be gleaned from the Internet, but the companies that monitor threats and compile salable intel are often a step ahead of any unpaid source. File and IP reputation services are great resources, as is an updated list of threats maintained by the FBI.
The Power of Shared Experience
Many companies are finding that sharing experiences is a powerful tool against hackers. Whether a company has been breached or not, it can be helpful to engage with others doing the same job. Reading about threats is important, but hearing someone’s firsthand account of how they first noticed symptoms and then investigated, only to find someone lurking in their system, brings home the risks and solutions more powerfully than anything else.
Like the closed communities above, these resources can present challenges from a legal aspect, but the benefits often outweigh the risks. Many companies find it worthwhile to navigate the hassle, liability and compliance issues to successfully build community and, in the end, create smarter defenses. If hindsight is 20/20, victims of hacks need only ask themselves how much they would have given to have been warned ahead of time about the risk that turned into their reality.
The Information Age
People generally think of the information age as being all about data. For those who manage public and private networks, it also needs to be about breaking down silos and sharing information through effective relationships and community. Whether through closed, subscription-based groups or a wider threat intel sharing channel, IT security personnel need more contact than a yearly conference can provide. The integrity of their network may depend on it. After the initial damage of a breach is addressed, the power to mobilize stronger cybersecurity defenses lies in the ability to share threat information.